diff options
Diffstat (limited to '')
-rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 539c380fb9..400c69fa87 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_tlsext.c,v 1.2 2017/07/24 17:10:31 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.3 2017/07/24 17:39:43 jsing Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
4 | * | 4 | * |
@@ -259,6 +259,28 @@ tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert) | |||
259 | return 0; | 259 | return 0; |
260 | } | 260 | } |
261 | 261 | ||
262 | if (s->internal->hit) { | ||
263 | if (s->session->tlsext_hostname == NULL) { | ||
264 | *alert = TLS1_AD_UNRECOGNIZED_NAME; | ||
265 | return 0; | ||
266 | } | ||
267 | if (strcmp(s->tlsext_hostname, | ||
268 | s->session->tlsext_hostname) != 0) { | ||
269 | *alert = TLS1_AD_UNRECOGNIZED_NAME; | ||
270 | return 0; | ||
271 | } | ||
272 | } else { | ||
273 | if (s->session->tlsext_hostname != NULL) { | ||
274 | *alert = SSL_AD_DECODE_ERROR; | ||
275 | return 0; | ||
276 | } | ||
277 | if ((s->session->tlsext_hostname = | ||
278 | strdup(s->tlsext_hostname)) == NULL) { | ||
279 | *alert = TLS1_AD_INTERNAL_ERROR; | ||
280 | return 0; | ||
281 | } | ||
282 | } | ||
283 | |||
262 | return 1; | 284 | return 1; |
263 | } | 285 | } |
264 | 286 | ||