diff options
| author | tb <> | 2020-07-30 16:23:17 +0000 |
|---|---|---|
| committer | tb <> | 2020-07-30 16:23:17 +0000 |
| commit | c83de9bf1a5deaa83030eac8eb7a2ce4749d120d (patch) | |
| tree | ea30368cd2d92bed397d7b50b859b333c5b0ccc6 /src/lib/libssl/tls13_handshake.c | |
| parent | aac53677fa701dbcea49076f866c4ffbc99edfad (diff) | |
| download | openbsd-c83de9bf1a5deaa83030eac8eb7a2ce4749d120d.tar.gz openbsd-c83de9bf1a5deaa83030eac8eb7a2ce4749d120d.tar.bz2 openbsd-c83de9bf1a5deaa83030eac8eb7a2ce4749d120d.zip | |
Add minimal info callback support for TLSv1.3
As abieber@ found the hard way, some python frameworks (twisted, synapse)
thought it a great idea to use the info callback mechanism (designed to
get state information about SSL objects) to modify state information such
as setting and verifying the SNI. The switch of TLS_method() to default
to TLSv1.3 broke these contraptions. Further bits of the info callback
mechanism will likely metastasize throughout the TLSv1.3 stack if we
need them, so we only do what's really necessary now.
Lots of debugging, crucial hint and testing by abieber
input & ok jsing
Diffstat (limited to 'src/lib/libssl/tls13_handshake.c')
| -rw-r--r-- | src/lib/libssl/tls13_handshake.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index 80ad7c0264..b3cecc77ef 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_handshake.c,v 1.63 2020/06/02 13:57:09 tb Exp $ */ | 1 | /* $OpenBSD: tls13_handshake.c,v 1.64 2020/07/30 16:23:17 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> |
| 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> |
| @@ -343,6 +343,12 @@ tls13_handshake_perform(struct tls13_ctx *ctx) | |||
| 343 | const struct tls13_handshake_action *action; | 343 | const struct tls13_handshake_action *action; |
| 344 | int ret; | 344 | int ret; |
| 345 | 345 | ||
| 346 | if (!ctx->handshake_started) { | ||
| 347 | ctx->handshake_started = 1; | ||
| 348 | if (ctx->info_cb != NULL) | ||
| 349 | ctx->info_cb(ctx, TLS13_INFO_HANDSHAKE_STARTED, 1); | ||
| 350 | } | ||
| 351 | |||
| 346 | for (;;) { | 352 | for (;;) { |
| 347 | if ((action = tls13_handshake_active_action(ctx)) == NULL) | 353 | if ((action = tls13_handshake_active_action(ctx)) == NULL) |
| 348 | return TLS13_IO_FAILURE; | 354 | return TLS13_IO_FAILURE; |
| @@ -350,6 +356,9 @@ tls13_handshake_perform(struct tls13_ctx *ctx) | |||
| 350 | if (action->handshake_complete) { | 356 | if (action->handshake_complete) { |
| 351 | ctx->handshake_completed = 1; | 357 | ctx->handshake_completed = 1; |
| 352 | tls13_record_layer_handshake_completed(ctx->rl); | 358 | tls13_record_layer_handshake_completed(ctx->rl); |
| 359 | if (ctx->info_cb != NULL) | ||
| 360 | ctx->info_cb(ctx, | ||
| 361 | TLS13_INFO_HANDSHAKE_COMPLETED, 1); | ||
| 353 | return TLS13_IO_SUCCESS; | 362 | return TLS13_IO_SUCCESS; |
| 354 | } | 363 | } |
| 355 | 364 | ||