openbsd/src, branch libressl-v3.2.0

openbsd/src, branch libressl-v3.2.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.2.0 2020-06-01T01:11:52+00:00 bump to LibreSSL 3.2.1 2020-06-01T01:11:52+00:00 bcook 2020-06-01T01:11:52+00:00 urn:sha1:a530903ba77b59c83670ee1290660474960bbf06 Replace ssl_max_server_version() with ssl_downgrade_max_version() 2020-05-31T18:03:32+00:00 jsing 2020-05-31T18:03:32+00:00 urn:sha1:354a3e8ef8994750d21e12eda969485e19c89844 Replace the only occurrence of ssl_max_server_version() with a call to ssl_downgrade_max_version() and remove ssl_max_server_version(). ok beck@ tb@ When building a chain look for non-expired certificates first. 2020-05-31T17:23:39+00:00 jsing 2020-05-31T17:23:39+00:00 urn:sha1:b58339bdd340fd191f9c64b87b63329517526f62 Currently, when building a certificate chain we look up an issuer and if it is the only issuer certificate available we still use it even if it has expired. When X509_V_FLAG_TRUSTED_FIRST is not in use, untrusted certificates are processed first and if one of these happens to be expired it will be used to build the chain, even if there is another non-expired option in the trusted store. Rework this code so that we first look for a non-expired untrusted certificate. If one does not exist then we take a look in the trusted store to see if we would be able to build the chain and only if there is not, do we then look for an expired untrusted certificate. This makes certificate validation possible for various sites that are serving expired AddTrust certificates. Issue reported by Christian Heimes via GitHub. ok beck@ tb@ Correct downgrade sentinels when a version pinned method is in use. 2020-05-31T16:36:35+00:00 jsing 2020-05-31T16:36:35+00:00 urn:sha1:059c16b3ca987ee98bd63a9cf4d0c58bfc02334e Previously only the enabled protocol versions were considered, however we also have to consider the method in use which may be version pinned. Found the hard way by danj@ with haproxy and force-tlsv12. ok beck@ inoguchi@ tb@ Fix printing long doubles on architectures with hm and lm bits. 2020-05-31T12:27:19+00:00 mortimer 2020-05-31T12:27:19+00:00 urn:sha1:5037a9d3f0ac53ff43e2fe5bbb75fbaf97c9a510 Issue reported with initial patch by enh@google.com. ok deraadt@ Improve server certificate selection for TLSv1.3. 2020-05-29T18:00:10+00:00 jsing 2020-05-29T18:00:10+00:00 urn:sha1:d1a8b3df6a3db04aefa03855f802f5bb704acb17 This allows an EC certificate to be selected and used, if the client sigalgs would allow it. With feedback from tb@ ok inoguchi@ tb@ Handle the case where we receive a valid 0 byte application data record. 2020-05-29T17:54:58+00:00 jsing 2020-05-29T17:54:58+00:00 urn:sha1:7070918d4e1d615c3ccbeeb9ec2179558022a939 In this situation we cannot return zero bytes, as that signals EOF. Rather we need to return TLS13_IO_WANT_POLLIN so tell the caller to call us again, at which point we'll pull up the next record. ok tb@ Wire up the servername callback in the TLSv1.3 server. 2020-05-29T17:47:30+00:00 jsing 2020-05-29T17:47:30+00:00 urn:sha1:e0e84f310956950abc8c5d9f225578b3f6945ee9 This makes SNI work correctly with TLSv1.3. Found the hard way by danj@, gonzalo@ and others. ok beck@ inoguchi@ tb@ Mop up servername_done, which is unused. 2020-05-29T17:39:42+00:00 jsing 2020-05-29T17:39:42+00:00 urn:sha1:0fa647cafcb45ea07c768d172165a3a041e8c58f ok beck@ inoguchi@ tb@ Add checks for SH downgrade sentinel and HRR hash in appstest.sh 2020-05-29T14:26:01+00:00 inoguchi 2020-05-29T14:26:01+00:00 urn:sha1:05d040d93899e024e1d972c5f863af8a19a0d5b6