diff options
| author | jsing <> | 2020-05-21 18:34:34 +0000 |
|---|---|---|
| committer | jsing <> | 2020-05-21 18:34:34 +0000 |
| commit | db06f99aaf5e25549858a1f679186ea97ba7537e (patch) | |
| tree | 73dca71407182aa6452bc6e5b5c55f543d2f9e15 /src/lib | |
| parent | afac324e18de721062d661aec878138036f65e24 (diff) | |
| download | openbsd-db06f99aaf5e25549858a1f679186ea97ba7537e.tar.gz openbsd-db06f99aaf5e25549858a1f679186ea97ba7537e.tar.bz2 openbsd-db06f99aaf5e25549858a1f679186ea97ba7537e.zip | |
Actually set the hrr flag when sending a HelloRetryRequest.
Without this, when SNI is in use the second ClientHello will result in an
error.
Found the hard way by sthen@.
ok sthen@ tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 03d0e488ba..42409edbf7 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.49 2020/05/19 16:35:21 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.50 2020/05/21 18:34:34 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -321,6 +321,8 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 321 | { | 321 | { |
| 322 | int nid; | 322 | int nid; |
| 323 | 323 | ||
| 324 | ctx->hs->hrr = 1; | ||
| 325 | |||
| 324 | if (!tls13_synthetic_handshake_message(ctx)) | 326 | if (!tls13_synthetic_handshake_message(ctx)) |
| 325 | return 0; | 327 | return 0; |
| 326 | 328 | ||