Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 4 |
3 files changed, 7 insertions, 4 deletions
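--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.55 2020/05/09 15:05:50 beck Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.56 2020/05/09 15:30:21 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -61,7 +61,7 @@ tls13_client_init(struct tls13_ctx *ctx)
 * legacy session identifier triggers compatibility mode (see RFC 8446
 * Appendix D.4). In the pre-TLSv1.3 case a zero length value is used.
 */
-if (ctx->hs->max_version >= TLS1_3_VERSION) {
+if (ctx->middlebox_compat && ctx->hs->max_version >= TLS1_3_VERSION) {
 arc4random_buf(ctx->hs->legacy_session_id,
 sizeof(ctx->hs->legacy_session_id));
 ctx->hs->legacy_session_id_len =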
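Review bot: The comment directly above the changed condition in tls13_client_init still describes only two cases, so it no longer matches the code: with `ctx->middlebox_compat` cleared, a TLSv1.3-capable ClientHello now also skips the random legacy session identifier. Extend its last sentence, e.g. `In the pre-TLSv1.3 case, or when middlebox compatibility is disabled, a zero length value is used.` The hunk does not show what `legacy_session_id_len` holds when the branch is skipped, so it is worth confirming that it is zero on that path rather than relying on how the handshake struct was allocated. The function starts and ends outside the hunk.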
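--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.68 2020/05/09 15:05:50 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.69 2020/05/09 15:30:21 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -218,6 +218,7 @@ struct tls13_ctx {
 uint8_t mode;
 struct tls13_handshake_stage handshake_stage;
 int handshake_completed;
+int middlebox_compat;
 
 int close_notify_sent;
 int close_notify_recv;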
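Review bot: `middlebox_compat` is added to struct tls13_ctx without a comment, and unlike the neighbouring flags its name does not say which protocol behaviour it switches. A trailing comment such as `/* non-zero: use RFC 8446 Appendix D.4 compatibility mode */` on the new field would record that it is a boolean and point at the section the client code already cites. The struct definition continues outside the hunk.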
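--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.37 2020/05/09 15:05:50 beck Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.38 2020/05/09 15:30:21 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -351,6 +351,8 @@ tls13_ctx_new(int mode)
 ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
 ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
 
+ctx->middlebox_compat = 1;
+
 return ctx;
 
 err: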
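Review bot: The flag initialised in tls13_ctx_new gates only the client's legacy session identifier in this commit, while compatibility mode in RFC 8446 Appendix D.4 also covers the dummy change_cipher_spec records. Nothing visible here clears the flag, so behaviour is unchanged today. If the change_cipher_spec paths are not gated elsewhere, a later caller that sets it to 0 would get a partly disabled mode. I would note that next to the default, e.g. `/* Middlebox compatibility (RFC 8446 D.4) on by default; currently only gates the client legacy_session_id. */` above `ctx->middlebox_compat = 1;`. tls13_ctx_new starts and ends outside the hunk.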
