mirror of
https://github.com/openssl/openssl.git
synced 2025-01-30 14:01:55 +08:00
1c4aa31d79
In particular, adhere to the rule that we must not modify any
property of an SSL_SESSION object once it is (or might be) in
a session cache. Such modifications are thread-unsafe and have
been observed to cause crashes at runtime.
To effect this change, standardize on the property that
SSL_SESSION->ext.hostname is set only when that SNI value
has been negotiated by both parties for use with that session.
For session resumption this is trivially the case, so only new
handshakes are affected.
On the client, the new semantics are that the SSL->ext.hostname is
for storing the value configured by the caller, and this value is
used when constructing the ClientHello. On the server, SSL->ext.hostname
is used to hold the value received from the client. Only if the
SNI negotiation is successful will the hostname be stored into the
session object; the server can do this after it sends the ServerHello,
and the client after it has received and processed the ServerHello.
This obviates the need to remove the hostname from the session object
in case of failed negotiation (a change that was introduced in commit
|
||
|---|---|---|
| .. | ||
| record | ||
| statem | ||
| bio_ssl.c | ||
| build.info | ||
| d1_lib.c | ||
| d1_msg.c | ||
| d1_srtp.c | ||
| methods.c | ||
| packet_locl.h | ||
| packet.c | ||
| pqueue.c | ||
| s3_cbc.c | ||
| s3_enc.c | ||
| s3_lib.c | ||
| s3_msg.c | ||
| ssl_asn1.c | ||
| ssl_cert_table.h | ||
| ssl_cert.c | ||
| ssl_ciph.c | ||
| ssl_conf.c | ||
| ssl_err.c | ||
| ssl_init.c | ||
| ssl_lib.c | ||
| ssl_locl.h | ||
| ssl_mcnf.c | ||
| ssl_rsa.c | ||
| ssl_sess.c | ||
| ssl_stat.c | ||
| ssl_txt.c | ||
| ssl_utst.c | ||
| t1_enc.c | ||
| t1_lib.c | ||
| t1_trce.c | ||
| tls13_enc.c | ||
| tls_srp.c | ||