granicus.if.org Git - openssl/commit

author	Emilia Kasper <emilia@openssl.org>
	Tue, 22 Sep 2015 13:20:26 +0000 (15:20 +0200)
committer	Emilia Kasper <emilia@openssl.org>
	Thu, 3 Mar 2016 12:53:26 +0000 (13:53 +0100)
commit	062178678f5374b09f00d70796f6e692e8775aca
tree	ae299cf72a32514f7e5315af16977976f6083c86	tree \| snapshot
parent	d6c2587967f93f2f9c226bda9139ae427698f20f	commit \| diff

Refactor ClientHello extension parsing

1) Simplify code with better PACKET methods.

2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.

3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.

4) Send an alert on ALPN protocol mismatch.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

CHANGES		diff \| blob \| history
include/openssl/ssl.h		diff \| blob \| history
include/openssl/tls1.h		diff \| blob \| history
ssl/packet_locl.h		diff \| blob \| history
ssl/s3_enc.c		diff \| blob \| history
ssl/t1_enc.c		diff \| blob \| history
ssl/t1_lib.c		diff \| blob \| history
test/packettest.c		diff \| blob \| history
test/recipes/80-test_ssl.t		diff \| blob \| history