mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
cc94da4ea3
openssl/ssl
History
Benjamin Kaduk 7bc2bddb14 Permit the "supported_groups" extension in ServerHellos 
Although this is forbidden by all three(!) relevant specifications,
there seem to be multiple server implementations in the wild that
send it.  Since we didn't check for unexpected extensions in any
given message type until TLS 1.3 support was added, our previous
behavior was to silently accept these extensions and pass them over
to the custom extension callback (if any).  In order to avoid
regression of functionality, relax the check for "extension in
unexpected context" for this specific case, but leave the protocol
enforcment mechanism unchanged for other extensions and in other
extension contexts.

Leave a detailed comment to indicate what is going on.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4463)
2018-01-03 09:43:54 -06:00
..
record Update state machine to send CCS based on whether we did an HRR 2017-12-14 15:06:37 +00:00
statem Permit the "supported_groups" extension in ServerHellos 2018-01-03 09:43:54 -06:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c More record layer conversions to use SSLfatal() 2017-12-08 16:42:02 +00:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet_locl.h TLS1.3 Padding 2017-05-02 09:44:43 +01:00
packet.c Move ossl_assert 2017-08-03 10:48:00 +01:00
pqueue.c Update copyright header 2017-07-30 17:42:00 -04:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Fix some formatting nits 2017-12-04 13:37:01 +00:00
s3_lib.c Alternate fix for ../test/recipes/80-test_ssl_old.t with no-ec 2017-12-27 16:37:22 +01:00
s3_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_asn1.c ssl/ssl_asn1.c: resolve warnings in VC-WIN32 build, which allows to add /WX. 2017-11-13 10:58:21 +01:00
ssl_cert_table.h Add RSA-PSS key certificate type. 2017-09-20 12:50:23 +01:00
ssl_cert.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
ssl_ciph.c Alternate fix for ../test/recipes/80-test_ssl_old.t with no-ec 2017-12-27 16:37:22 +01:00
ssl_conf.c Send a CCS after ServerHello in TLSv1.3 if using middlebox compat mode 2017-12-14 15:06:37 +00:00
ssl_err.c Send supported_versions in an HRR 2017-12-14 15:06:37 +00:00
ssl_init.c In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto() 2017-12-08 16:08:39 +01:00
ssl_lib.c Disable partial writes for early data 2017-12-28 17:32:41 +00:00
ssl_locl.h Fix minor 'the the' typos 2018-01-02 15:30:22 +00:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_sess.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Convert more functions in ssl/statem/statem.c to use SSLfatal() 2017-12-04 13:31:48 +00:00
t1_lib.c Convert the state machine code to use SSLfatal() 2017-12-04 13:31:48 +00:00
t1_trce.c Fix trace of TLSv1.3 Certificate Request message 2018-01-02 15:51:23 +00:00
tls13_enc.c Convert more functions in ssl/statem/statem.c to use SSLfatal() 2017-12-04 13:31:48 +00:00
tls_srp.c Convert remaining functions in statem_clnt.c to use SSLfatal() 2017-12-04 13:31:48 +00:00