mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
c491a39986
openssl/doc
History
Benjamin Kaduk 8313a787d7 Allow an ALPN callback to pretend to not exist 
RFC 7301 mandates that the server SHALL respond with a fatal
"no_application_protocol" alert when there is no overlap between
the client's supplied list and the server's list of supported protocols.
In commit 062178678f we changed from
ignoring non-success returns from the supplied alpn_select_cb() to
treating such non-success returns as indicative of non-overlap and
sending the fatal alert.

In effect, this is using the presence of an alpn_select_cb() as a proxy
to attempt to determine whether the application has configured a list
of supported protocols.  However, there may be cases in which an
application's architecture leads it to supply an alpn_select_cb() but
have that callback be configured to take no action on connections that
do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
the callback would be the natural way to do so.  Unfortunately, the
aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
indicative of no overlap and terminated the connection; this change
supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
callback.  In effect, it provides a way for a callback to obtain the
behavior that would have occurred if no callback was registered at
all, which was not possible prior to this change.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2570)
2017-04-10 11:57:37 -04:00
..
HOWTO
man1 Use 'over 2' for bullet lists. 2017-04-07 13:48:19 -04:00
man3 Allow an ALPN callback to pretend to not exist 2017-04-10 11:57:37 -04:00
man5 "any" instead of "and" 2017-03-24 13:43:21 +01:00
man7 Use 'over 2' for bullet lists. 2017-04-07 13:48:19 -04:00
dir-locals.example.el
fingerprints.txt
openssl-c-indent.el
README More typo fixes 2017-03-29 07:14:29 +02:00

README 

README  This file

fingerprints.txt
        PGP fingerprints of authorised release signers

standards.txt
        Moved to the web, https://www.openssl.org/docs/standards.html

HOWTO/
        A few how-to documents; not necessarily up-to-date

man1/
        The openssl command-line tools; start with openssl.pod

man3/
        The SSL library and the crypto library

man5/
        File formats

man7/
        Overviews; start with crypto.pod and ssl.pod, for example
        Algorithm specific EVP_PKEY documentation.

Formatted versions of the manpages (apps,ssl,crypto) can be found at
        https://www.openssl.org/docs/manpages.html