summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_srvr.c
diff options
context:
space:
mode:
authorjsing <>2024-07-19 08:56:17 +0000
committerjsing <>2024-07-19 08:56:17 +0000
commitcc7dc6e9b7012526aa3797842d226b3a275a7e70 (patch)
treef7c486e99793aa346ba7c649bc01d3ce39f81718 /src/lib/libssl/ssl_srvr.c
parentf8eff50c9ac6772239e96a6d2031a83bac497a15 (diff)
downloadopenbsd-cc7dc6e9b7012526aa3797842d226b3a275a7e70.tar.gz
openbsd-cc7dc6e9b7012526aa3797842d226b3a275a7e70.tar.bz2
openbsd-cc7dc6e9b7012526aa3797842d226b3a275a7e70.zip
Annotate issues with tls_session_secret_cb() related code.
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_srvr.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index d6b7de1efd..01155a8d6d 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.162 2024/07/19 08:54:31 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.163 2024/07/19 08:56:17 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1082,6 +1082,13 @@ ssl3_get_client_hello(SSL *s)
1082 s->s3->hs.client_ciphers = ciphers; 1082 s->s3->hs.client_ciphers = ciphers;
1083 ciphers = NULL; 1083 ciphers = NULL;
1084 1084
1085 /*
1086 * XXX - this allows the callback to use any client cipher and
1087 * completely ignore the server cipher list. We should ensure
1088 * that the pref_cipher is in both the client list and the
1089 * server list.
1090 */
1091
1085 /* Check if some cipher was preferred by the callback. */ 1092 /* Check if some cipher was preferred by the callback. */
1086 if (pref_cipher == NULL) 1093 if (pref_cipher == NULL)
1087 pref_cipher = ssl3_choose_cipher(s, s->s3->hs.client_ciphers, 1094 pref_cipher = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
@@ -1093,6 +1100,7 @@ ssl3_get_client_hello(SSL *s)
1093 } 1100 }
1094 s->session->cipher = pref_cipher; 1101 s->session->cipher = pref_cipher;
1095 1102
1103 /* XXX - why? */
1096 sk_SSL_CIPHER_free(s->cipher_list); 1104 sk_SSL_CIPHER_free(s->cipher_list);
1097 s->cipher_list = sk_SSL_CIPHER_dup(s->s3->hs.client_ciphers); 1105 s->cipher_list = sk_SSL_CIPHER_dup(s->s3->hs.client_ciphers);
1098 } 1106 }