| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
In TLSv1.3 post-handshake handshake messages are used for key updates and
session tickets. These are in-band and mean that when the upper layer goes
to read application data, we can end up reading and having to process
handshake messages - this option changes whether we retry and read the
next TLS record, or if we return, signalling that we want more data to
be available.
ok beck@ inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
It can be triggered by sending a line to stdin while no connection
is open and then connecting a client. The first SSL_write() fails,
sends SSL_ERROR_WANT_* and then causes a segfault deep down in the
tls stack when accessing &(buf[-1]).
ok beck inoguchi
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
implies that we're dealing with a HRR in the extension handling code.
Explicitly check that we're in this situation by inspecting the flag in
the handshake context. Add missing error checks and send the appropriate
alerts. The hrr flag needs to be unset after parsing the client hello
retry to avoid breaking the server hello handling. All this is far from
ideal, but better than nothing.
The correct fix would likely be to make the message type available
but that would need to be part of a more extensive rearchitecture of
the extension handling.
Discussed at length with jsing
|
| |
|
|
|
|
| |
(gurn) copies getsockname() retrieves a truncated result and 14 bytes of
stack garbage get copied onwards.
ok tb
|
| |
|
|
|
|
|
|
|
|
|
|
| |
for the moment that is all we support. fixes an issue where gnuTLS
cares that mistmatching staples come back on the certs in the chain.
This should be fixed correctly later by associating the staple
to the individual certs rather than the ssl, so this is temporary.
running on www@.
ok tb@, "got that's oopy but an interim ok" jsing@
|
| |
|
|
|
|
| |
unindent a bunch of code.
Suggested by jsing
|
| |
|
|
|
|
| |
Prompted by tb@
ok tb@
|
| |
|
|
|
|
| |
respectively.
Discussed with jsing
|
| |
|
|
|
|
|
|
|
| |
in the following tls13_handshake_msg_start() call. Add a check.
Stop clobbering the ctx's hs_msg variable, use a local variable
instead.
ok beck jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Without this, when SNI is in use the second ClientHello will result in an
error.
Found the hard way by sthen@.
ok sthen@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This currently runs 54 tests from the tlsfuzzer suite against
the TLSv1.3 server which exercise a large portion of the code.
They already found a number of bugs and misbehaviors and also
inspired a few diffs currently in the pipeline.
This regress requires the py3-tlsfuzzer package to be installed,
otherwise the tests are skipped. Many thanks to kmos for helping
with the ports side and to beck for his positive feedback.
ok beck
|
| |
|
|
|
|
|
|
|
|
|
| |
SSL_connect in blocking mode.
While this will probably need a rethink, until we land on a solution
for PHH in blocking mode, the breakage this causes is visible in
real things, and we've only managed to hit the PHH breakage in
a test case.
ok tb@
|
| |
|
|
| |
OK beck@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the
intention of handling RSA sign only certificates... this incomplete code
had the following comment:
/* check to see if this is a signing only certificate */
/* EAY EAY EAY EAY */
And while the comment was removed in 2005, the incomplete RSA sign-only
handling has remained ever since.
Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While
here also remove the unused SSL_PKEY_DH_RSA.
ok tb@
|
| | |
|
| | |
|
| |
|
|
|
|
| |
noticed by dlg@ on www.openbsd.org with curl.
ok dlg@
|
| |
|
|
|
|
| |
messages with oscp staples.
ok jsing@ tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
sending back illegal parameter if our phh key share request type
is not 0 or 1.
ok jsing@ tb@
|
| |
|
|
| |
ok tb@ jsing@
|
| |
|
|
| |
conflict against a potential define min() from some other scope.
|
| |
|
|
|
|
|
| |
According to RFC 8446 section 4.4.2.4, a client receiving an empty
certificate list must abort the handshake with a decode error alert.
ok beck@ inoguchi@ tb@ ('it rarely is the alert you'd expect it to be...')
|
| |
|
|
| |
Enabled by -g option, and default to disabled (RSA certificate is used)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
After post-handshake handshake messages have been processed, we need to
return TLS13_IO_WANT_POLLIN rather than TLS13_IO_WANT_RETRY. The latter
will cause us to try to read another TLS record, when there may not be
any data available - this will then block in the case of a blocking read.
This reverts part of r1.25.
Issue noticed by inoguchi@
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The RFC requires that a server always provide a certificate for
authentication. Ensure that this is the case, rather than proceeding and
attempting validation. In the case where validation was disabled and the
server returned an empty certificate list, this would have previously
resulted in a NULL pointer deference.
Issue reported by otto@
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
This was missed in previous tls13_server.c commit.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
A TLSv1.3 server must always send a certificate - return an error and abort
the handshake if none is available.
ok inoguchi@ tb@
|
| |
|
|
| |
OK beck@, who was amused by the "darkly comic value of reading" it
|
| | |
|
| | |
|
| |
|
|
| |
Enabled by -e option, and default to disabled (RSA certificate is used)
|
| | |
|
| |
|
|
| |
packages to appear
|
| | |
|
| |
|
|
|
| |
- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name
|
| |
|
|
| |
OTHER_OPENSSL default to eopenssl11
|
| |
|
|
|
| |
This ensures that a TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 client can talk
with an appropriately configured server and vice versa.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This allows a server configured to only support TLSv1.2 and earlier, to
correctly handle connections from a TLSv1.3 capable client.
Issue reported by pvk@
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Switch the legacy version when processing the server hello, rather than
when the client hello has been sent. This ensures that we accept a
response from the server that has a record version other than
TLS1_2_VERSION, as is the case where the server is negotiating TLSv1.0
or TLSv1.1.
Issue spotted by inoguchi@
ok inoguchi@ tb@
|
| |
|
|
| |
ok jsing@ tb@
|
