openssl/ssl
Matt Caswell 238fa464d6 Add ALPN validation in the client
The ALPN protocol selected by the server must be one that we originally
advertised. We should verify that it is.

Follow on from CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)
2024-06-27 10:30:51 +01:00
..
quic Use correctly formatted ALPN data in tserver 2024-06-27 10:30:51 +01:00
record Set rl->packet to NULL after we've finished using it 2024-05-28 13:28:13 +01:00
rio QUIC POLLING: Support no-quic builds 2024-02-10 11:37:14 +00:00
statem Add ALPN validation in the client 2024-06-27 10:30:51 +01:00
bio_ssl.c bio_ssl.c: Do not call SSL_shutdown if not inited 2024-06-25 16:06:17 +02:00
build.info QUIC RIO: Add frontend SSL_poll implementation 2024-02-10 11:37:14 +00:00
d1_lib.c Remove SSL_ENC_FLAG_EXPLICIT_IV which is only set and never read. 2024-05-14 15:34:07 +02:00
d1_msg.c Copyright year updates 2023-09-07 09:59:15 +01:00
d1_srtp.c Copyright year updates 2024-04-09 13:43:26 +02:00
event_queue.c Remove a spurious inclusion of the sparse array header file 2023-09-25 07:45:32 +10:00
methods.c
pqueue.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
priority_queue.c Fix bug in priority queue remove function 2023-11-08 11:09:12 +00:00
s3_enc.c Copyright year updates 2024-04-09 13:43:26 +02:00
s3_lib.c Add support for integrity-only cipher suites for TLS v1.3 2024-05-14 15:39:15 +02:00
s3_msg.c Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
ssl_asn1.c RFC7250 (RPK) support 2023-03-28 13:49:54 -04:00
ssl_cert_comp.c Copyright year updates 2023-09-07 09:59:15 +01:00
ssl_cert_table.h Make ssl_cert_info read-only 2023-11-27 07:51:33 +00:00
ssl_cert.c Make ssl_cert_info read-only 2023-11-27 07:51:33 +00:00
ssl_ciph.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
ssl_conf.c Copyright year updates 2024-04-09 13:43:26 +02:00
ssl_err_legacy.c Update copyright year 2021-06-17 13:24:59 +01:00
ssl_err.c Add reason codes with the correct offset for two alerts 2024-05-14 15:27:17 +02:00
ssl_init.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
ssl_lib.c Fix SSL_select_next_proto 2024-06-27 10:30:51 +01:00
ssl_local.h Extend mask of ssl_method_st to 64-bit 2024-06-23 10:09:07 -04:00
ssl_mcnf.c Set SSL_CONF_FLAG_SHOW_ERRORS when conf_diagnostics is enabled 2024-05-09 09:20:58 +02:00
ssl_rsa_legacy.c Deprecate RSA harder 2020-11-18 23:38:34 +01:00
ssl_rsa.c Copyright year updates 2023-09-07 09:59:15 +01:00
ssl_sess.c Incorporate review feedback 2024-06-21 07:57:56 -04:00
ssl_stat.c SSL_alert_desc_string_long(): Delete unnecessary underline 2024-04-04 08:33:21 +02:00
ssl_txt.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
ssl_utst.c Remove the old buffer management code 2022-10-20 14:39:33 +01:00
sslerr.h QUIC APL: Implement optimised FIN API 2024-01-23 14:20:06 +00:00
t1_enc.c Copyright year updates 2024-04-09 13:43:26 +02:00
t1_lib.c Fix handling of max_fragment_length extension for PSK 2024-06-20 16:49:51 +02:00
t1_trce.c Add support for integrity-only cipher suites for TLS v1.3 2024-05-14 15:39:15 +02:00
tls13_enc.c Add support for integrity-only cipher suites for TLS v1.3 2024-05-14 15:39:15 +02:00
tls_depr.c SSL object refactoring using SSL_CONNECTION object 2022-07-28 10:04:28 +01:00
tls_srp.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00