mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: Prohibit post-handshake auth

Browse Source 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
This commit is contained in:
Hugo Landau 2023-01-16 15:21:57 +00:00 committed by Pauli
parent f0d9757caf
commit 7163617f33
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/man3/SSL_CTX_set_verify.pod
View File

@ -215,6 +215,8 @@ Only one certificate request may be outstanding at any time.
When post-handshake authentication occurs, a refreshed NewSessionTicket
message is sent to the client.
Post-handshake authentication cannot be used with QUIC.
=head1 BUGS
In client mode, it is not checked whether the SSL_VERIFY_PEER flag

3
ssl/quic/quic_impl.c
View File

@ -331,7 +331,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
sc->s3.flags |= TLS1_FLAGS_QUIC;
/* Restrict options derived from the SSL_CTX. */
sc->options &= OSSL_QUIC_PERMITTED_OPTIONS;
sc->options &= OSSL_QUIC_PERMITTED_OPTIONS;
sc->pha_enabled = 0;
#if defined(OPENSSL_THREADS)
if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)