Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
-rw-r--r--src/lib/libssl/ssl_tlsext.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 4d426f1487..3ad564964d 100644
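--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.98 2021/09/02 11:10:43 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.99 2021/09/10 09:25:29 tb Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -85,9 +85,16 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
  if (s->ctx->internal->alpn_select_cb == NULL)
  return 1;
 
+ /*
+ * XXX - A few things should be considered here:
+ * 1. Ensure that the same protocol is selected on session resumption.
+ * 2. Should the callback be called even if no ALPN extension was sent?
+ * 3. TLSv1.2 and earlier: ensure that SNI has already been processed.
+ */
  r = s->ctx->internal->alpn_select_cb(s, &selected, &selected_len,
  CBS_data(&alpn), CBS_len(&alpn),
  s->ctx->internal->alpn_select_cb_arg);
+
  if (r == SSL_TLSEXT_ERR_OK) {
  free(S3I(s)->alpn_selected);
  if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) {
@@ -97,9 +104,18 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
  }
  memcpy(S3I(s)->alpn_selected, selected, selected_len);
  S3I(s)->alpn_selected_len = selected_len;
+
+ return 1;
  }
 
- return 1;
+ /* On SSL_TLSEXT_ERR_NOACK behave as if no callback was present. */
+ if (r == SSL_TLSEXT_ERR_NOACK)
+ return 1;
+
+ *alert = SSL_AD_NO_APPLICATION_PROTOCOL;
+ SSLerror(s, SSL_R_NO_APPLICATION_PROTOCOL);
+
+ return 0;
 
  err:
  *alert = SSL_AD_DECODE_ERROR;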
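Review bot: The fail-closed branch at new lines 115-118 carries no comment saying that it is deliberate, although it catches every callback result other than SSL_TLSEXT_ERR_OK and SSL_TLSEXT_ERR_NOACK, SSL_TLSEXT_ERR_ALERT_WARNING included. Aborting the handshake is what keeps a connection from continuing with an application protocol the server never agreed to, so it should be guarded against a later "softening" with a comment such as `/* Any other return value, including SSL_TLSEXT_ERR_ALERT_WARNING, is fatal: no_application_protocol (RFC 7301, section 3.2). */` above `*alert = SSL_AD_NO_APPLICATION_PROTOCOL;`. Separately, the SSL_TLSEXT_ERR_NOACK return at new lines 112-113 leaves `S3I(s)->alpn_selected` untouched; whether an earlier selection can still be present at that point depends on reset code outside this diff and is worth confirming. tlsext_alpn_server_parse begins before the second hunk and continues past the `err:` label, so the declarations of `selected` and `selected_len` and the rest of the error path are not visible here.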