From 55bc1fb8c12e9ebee84e4f4cd679dc16b3000b2c Mon Sep 17 00:00:00 2001 From: tb <> Date: Fri, 5 Apr 2019 20:23:38 +0000 Subject: By design, our state machine is a DAG contrary to the state machine in the spec. To avoid the obvious loop in the RFC's state machine, we added a CLIENT_HELLO_RETRY state which is a second ClientHello with special rules. There is, however, no state to react to this second client hello. This adds a matching SERVER_HELLO_RETRY state to the handshakes table. This means in particular that the WITH_HRR state cannot be set in tls13_server_hello_recv(), so remove this now dead check. ok jsing --- src/lib/libssl/tls13_handshake.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/tls13_handshake.h') diff --git a/src/lib/libssl/tls13_handshake.h b/src/lib/libssl/tls13_handshake.h index cbbec744d3..9910dab106 100644 --- a/src/lib/libssl/tls13_handshake.h +++ b/src/lib/libssl/tls13_handshake.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.h,v 1.2 2019/01/20 22:36:19 tb Exp $ */ +/* $OpenBSD: tls13_handshake.h,v 1.3 2019/04/05 20:23:38 tb Exp $ */ /* * Copyright (c) 2019 Theo Buehler * @@ -35,6 +35,7 @@ enum tls13_message_type { CLIENT_HELLO, SERVER_HELLO, CLIENT_HELLO_RETRY, + SERVER_HELLO_RETRY, SERVER_ENCRYPTED_EXTENSIONS, SERVER_CERTIFICATE_REQUEST, SERVER_CERTIFICATE, -- cgit v1.2.3-55-g6feb