From 326615a6e0d9c026a95e75db78bdfb2e53aa2972 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 9 Jan 2021 10:41:48 +0000 Subject: Add support for SSL_get_shared_ciphers() in TLSv1.3 As reported by Steffen Ullrich and bluhm, since enabling TLSv1.3 server some tests fail in t/local/07_sslecho.c of security/p5-Net-SSLeay due to missing support for SSL_get_shared_ciphers(). This fixes the parts related to shared ciphers. ok beck inoguchi jsing --- src/lib/libssl/tls13_server.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 2062d4956c..0b079c1d83 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.68 2021/01/07 16:26:31 tb Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.69 2021/01/09 10:41:48 tb Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -250,6 +250,10 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } S3I(s)->hs.new_cipher = cipher; + sk_SSL_CIPHER_free(s->session->ciphers); + s->session->ciphers = ciphers; + ciphers = NULL; + /* Ensure only the NULL compression method is advertised. */ if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only, sizeof(tls13_compression_null_only))) { -- cgit v1.2.3-55-g6feb