Add minimal support for hello retry request for RFC conformance.

We currently don't support sending a modified clienthello ok jsing@ tb@
author: beck <> 2020-01-22 02:21:05 +0000
committer: beck <> 2020-01-22 02:21:05 +0000
commit: 6e73cfec04cc4c6b051dd692d42b61ffede9e4ea (patch)
tree: adb83e2e84639be88bf49e54a37ffa221760b86f /src/lib/libssl/tls13_lib.c
parent: 4c51eb4a7e69d292be8035dde8373d7945494bae (diff)
download: openbsd-6e73cfec04cc4c6b051dd692d42b61ffede9e4ea.tar.gz
openbsd-6e73cfec04cc4c6b051dd692d42b61ffede9e4ea.tar.bz2
openbsd-6e73cfec04cc4c6b051dd692d42b61ffede9e4ea.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index bb749a9b68..e353e9fdad 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.17 2020/01/22 01:02:28 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.18 2020/01/22 02:21:05 beck Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -353,6 +353,9 @@ tls13_legacy_error(SSL *ssl)
        case TLS13_ERR_VERIFY_FAILED:
                reason = SSL_R_CERTIFICATE_VERIFY_FAILED;
                break;
+        case TLS13_ERR_HRR_FAILED:
+                reason = SSL_R_NO_CIPHERS_AVAILABLE;
+                break;
        }
        ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
author	beck <>	2020-01-22 02:21:05 +0000
committer	beck <>	2020-01-22 02:21:05 +0000
commit	6e73cfec04cc4c6b051dd692d42b61ffede9e4ea (patch)
tree	adb83e2e84639be88bf49e54a37ffa221760b86f /src/lib/libssl/tls13_lib.c
parent	4c51eb4a7e69d292be8035dde8373d7945494bae (diff)
download	openbsd-6e73cfec04cc4c6b051dd692d42b61ffede9e4ea.tar.gz openbsd-6e73cfec04cc4c6b051dd692d42b61ffede9e4ea.tar.bz2 openbsd-6e73cfec04cc4c6b051dd692d42b61ffede9e4ea.zip