diff options
| author | jsing <> | 2020-05-09 15:47:11 +0000 |
|---|---|---|
| committer | jsing <> | 2020-05-09 15:47:11 +0000 |
| commit | 99c3d9d6560601ac170c9657a01cf72bd69cfe63 (patch) | |
| tree | 6e8f214c20026414855c7920faf36b25a965c998 /src/lib/libssl/tls13_client.c | |
| parent | a50006cf45926d40abfb52acfd1a5a04779f7ba4 (diff) | |
| download | openbsd-99c3d9d6560601ac170c9657a01cf72bd69cfe63.tar.gz openbsd-99c3d9d6560601ac170c9657a01cf72bd69cfe63.tar.bz2 openbsd-99c3d9d6560601ac170c9657a01cf72bd69cfe63.zip | |
Send dummy ChangeCipherSpec messages from the TLSv1.3 client.
When operating in middlebox compatibility mode, the TLSv1.3 client needs
to send a dummy ChangeCipherSpec message immediately before its second
flight of handshake messages (when early data is not offered).
ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index d5ac6ba5e0..27b2d712ae 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.56 2020/05/09 15:30:21 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.57 2020/05/09 15:47:11 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -150,6 +150,9 @@ tls13_client_hello_sent(struct tls13_ctx *ctx) | |||
| 150 | 150 | ||
| 151 | tls1_transcript_freeze(ctx->ssl); | 151 | tls1_transcript_freeze(ctx->ssl); |
| 152 | 152 | ||
| 153 | if (ctx->middlebox_compat) | ||
| 154 | ctx->send_dummy_ccs = 1; | ||
| 155 | |||
| 153 | return 1; | 156 | return 1; |
| 154 | } | 157 | } |
| 155 | 158 | ||
| @@ -544,6 +547,7 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 544 | err: | 547 | err: |
| 545 | if (ctx->alert == 0) | 548 | if (ctx->alert == 0) |
| 546 | ctx->alert = TLS1_AD_DECODE_ERROR; | 549 | ctx->alert = TLS1_AD_DECODE_ERROR; |
| 550 | |||
| 547 | return 0; | 551 | return 0; |
| 548 | } | 552 | } |
| 549 | 553 | ||