diff options
| author | jsing <> | 2020-05-11 17:23:35 +0000 |
|---|---|---|
| committer | jsing <> | 2020-05-11 17:23:35 +0000 |
| commit | 0457cfe2c74f9fa05dfdd745fa5292dd986b52d4 (patch) | |
| tree | 81f58710658a179bd3e0e4d2c18ecd64a82af97b /src | |
| parent | 2dbddc3bc2d66017076fb590ed025131e97b6703 (diff) | |
| download | openbsd-0457cfe2c74f9fa05dfdd745fa5292dd986b52d4.tar.gz openbsd-0457cfe2c74f9fa05dfdd745fa5292dd986b52d4.tar.bz2 openbsd-0457cfe2c74f9fa05dfdd745fa5292dd986b52d4.zip | |
Use ssl_get_new_session() in the TLSv1.3 server.
This correctly handles session being non-NULL and sets up a few more
things, including ssl_version. Also stop setting the ssl_version to the
server_version, as this is only used on the client side.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 9616f392e1..1c286f573e 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.43 2020/05/10 17:13:30 tb Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.44 2020/05/11 17:23:35 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -34,10 +34,10 @@ tls13_server_init(struct tls13_ctx *ctx) | |||
| 34 | } | 34 | } |
| 35 | s->version = ctx->hs->max_version; | 35 | s->version = ctx->hs->max_version; |
| 36 | 36 | ||
| 37 | if (!tls1_transcript_init(s)) | 37 | if (!ssl_get_new_session(s, 0)) /* XXX */ |
| 38 | return 0; | 38 | return 0; |
| 39 | 39 | ||
| 40 | if ((s->session = SSL_SESSION_new()) == NULL) | 40 | if (!tls1_transcript_init(s)) |
| 41 | return 0; | 41 | return 0; |
| 42 | 42 | ||
| 43 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | 43 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); |
| @@ -262,7 +262,6 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx) | |||
| 262 | goto err; | 262 | goto err; |
| 263 | 263 | ||
| 264 | s->session->cipher = S3I(s)->hs.new_cipher; | 264 | s->session->cipher = S3I(s)->hs.new_cipher; |
| 265 | s->session->ssl_version = ctx->hs->server_version; | ||
| 266 | 265 | ||
| 267 | if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL) | 266 | if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL) |
| 268 | goto err; | 267 | goto err; |