Do not send an SNI extension when resuming a session that contains a server

name (which means the client sent SNI during the initial handshake). Issue reported by Renaud Allard. ok tb@
author: jsing <> 2019-05-29 17:25:27 +0000
committer: jsing <> 2019-05-29 17:25:27 +0000
commit: 2214ddcdafdaaba29c0539cecf71267cc591193d (patch)
tree: 9cfbeab01e510beaf89aa3dda31743d778762909 /src
parent: 6b1ad48294a0af0fd73aeb2cdf19eedfd6013666 (diff)
download: openbsd-2214ddcdafdaaba29c0539cecf71267cc591193d.tar.gz
openbsd-2214ddcdafdaaba29c0539cecf71267cc591193d.tar.bz2
openbsd-2214ddcdafdaaba29c0539cecf71267cc591193d.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index b532d49a63..506cfbcfea 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.47 2019/05/28 17:34:32 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.48 2019/05/29 17:25:27 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -677,6 +677,9 @@ tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert)
 int
 tlsext_sni_server_needs(SSL *s)
 {
+        if (s->internal->hit)
+                return 0;
        return (s->session->tlsext_hostname != NULL);
 }
author	jsing <>	2019-05-29 17:25:27 +0000
committer	jsing <>	2019-05-29 17:25:27 +0000
commit	2214ddcdafdaaba29c0539cecf71267cc591193d (patch)
tree	9cfbeab01e510beaf89aa3dda31743d778762909 /src
parent	6b1ad48294a0af0fd73aeb2cdf19eedfd6013666 (diff)
download	openbsd-2214ddcdafdaaba29c0539cecf71267cc591193d.tar.gz openbsd-2214ddcdafdaaba29c0539cecf71267cc591193d.tar.bz2 openbsd-2214ddcdafdaaba29c0539cecf71267cc591193d.zip