In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,libressl-v2.9.2

it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck OpenBSD 6.5 errata 002
author: tb <> 2019-05-15 19:25:15 +0000
committer: tb <> 2019-05-15 19:25:15 +0000
commit: f0d432029321083529b36d45280f5308ff8bf24f (patch)
tree: 7794ac176604511eae92c015faba1283de549d7e
parent: 39ea782f8d3743e9fc4a3caccf90f833d3dc65a1 (diff)
download: openbsd-libressl-v2.9.2.tar.gz
openbsd-libressl-v2.9.2.tar.bz2
openbsd-libressl-v2.9.2.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 0e37cc3cc0..00afe1e586 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.44 2019/03/25 17:21:18 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.44.2.1 2019/05/15 19:25:15 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1822,7 +1822,8 @@ static struct tls_extension tls_extensions[] = {
 #ifndef OPENSSL_NO_SRTP
        {
                .type = TLSEXT_TYPE_use_srtp,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
+                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH /* XXX */ |
+                    SSL_TLSEXT_MSG_EE,
                .client = {
                        .needs = tlsext_srtp_client_needs,
                        .build = tlsext_srtp_client_build,
author	tb <>	2019-05-15 19:25:15 +0000
committer	tb <>	2019-05-15 19:25:15 +0000
commit	f0d432029321083529b36d45280f5308ff8bf24f (patch)
tree	7794ac176604511eae92c015faba1283de549d7e
parent	39ea782f8d3743e9fc4a3caccf90f833d3dc65a1 (diff)
download	openbsd-libressl-v2.9.2.tar.gz openbsd-libressl-v2.9.2.tar.bz2 openbsd-libressl-v2.9.2.zip