author | Benjamin Kaduk <bkaduk@akamai.com> | 2018-05-30 11:12:22 -0500 |
---|---|---|
committer | Benjamin Kaduk <kaduk@mit.edu> | 2018-07-20 07:12:24 -0500 |
commit | c5d1fb78fd0fdbe1f1e61211bd56192a0f95bc91 (patch) | |
tree | e32c89c425221568efd55ac788b0a010c30fcbb2 | |
parent | 1c4aa31d79821dee9be98e915159d52cc30d8403 (diff) |
Add TODO comment for a nonsensical public API
The API used to set what SNI value to send in the ClientHello
can also be used on server SSL objects, with undocumented and
un-useful behavior. Unfortunately, when generic SSL_METHODs
are used, s->server is still set, prior to the start of the
handshake, so we cannot prevent this nonsensical usage at the
present time. Leave a note to revisit this when ABI-breaking
changes are permitted.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6378)
-rw-r--r-- | ssl/s3_lib.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 354769b0c1..c170eed5e1 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3466,6 +3466,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_HOSTNAME: + /* + * TODO(OpenSSL1.2) + * This API is only used for a client to set what SNI it will request + * from the server, but we currently allow it to be used on servers + * as well, which is a programming error. Currently we just clear + * the field in SSL_do_handshake() for server SSLs, but when we can + * make ABI-breaking changes, we may want to make use of this API + * an error on server SSLs. + */ if (larg == TLSEXT_NAMETYPE_host_name) { size_t len; |
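
Review bot: the caveat added under case SSL_CTRL_SET_TLSEXT_HOSTNAME lives only in a source comment, while the commit message describes the server-side behaviour as undocumented, so callers of the public API still have no way to learn that using it on a server SSL is a programming error; the same statement should go into the public documentation for this control alongside the TODO. The comment's claim that the field is cleared in SSL_do_handshake() for server SSLs cannot be checked from this hunk, which touches only ssl3_ctrl(), so a test that sets a hostname on a server SSL and asserts it is cleared after the handshake would keep the comment honest. Minor wording: "This API is only used for a client" is contradicted by the next clause, which says servers are currently allowed to use it; "is only meant for a client" says what is intended.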