Ignore warning alert returns from servername callback in TLSv1.3 - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-08-30 16:50:23 +0000
committer	tb <>	2021-08-30 16:50:23 +0000
commit	16d988bc2e4a08ee42706c3f39c9fd70bfa71cd4 (patch)
tree	862224d45a5456bf7aa3d1dd02736b148e574b4d /src/regress/lib/libssl/tlslegacy/tlslegacytest.c
parent	f67f6c5abc22f26c9c18cf14ee457c12b67479ab (diff)
download	openbsd-16d988bc2e4a08ee42706c3f39c9fd70bfa71cd4.tar.gz openbsd-16d988bc2e4a08ee42706c3f39c9fd70bfa71cd4.tar.bz2 openbsd-16d988bc2e4a08ee42706c3f39c9fd70bfa71cd4.zip

Ignore warning alert returns from servername callback in TLSv1.3

If a servername callback returns SSL_TLSEXT_ERR_ALERT_WARNING, this results in a fatal error in TLSv1.3 since alert levels are implicit in the alert type and neither close_notify nor user_canceled make sense in this context. OpenSSL chose to ignore this, so we need to follow suit. Found via a broken servername callback in p5-IO-Socket-SSL which returns a Boolean instead of SSL_TLSEXT_ERR_*. This happened to have worked before TLSv1.3 since warning alerts are often ignored. This "fixes" sni.t and sni-verify.t in p5-IO-Socket-SSL. ok beck jsing

Diffstat (limited to 'src/regress/lib/libssl/tlslegacy/tlslegacytest.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: