Refactor ClientHello extension parsing

1) Simplify code with better PACKET methods. 2) Make broken SNI parsing explicit. SNI was intended to be extensible to new name types but RFC 4366 defined the syntax inextensibly, and OpenSSL has never parsed SNI in a way that would allow adding a new name type. RFC 6066 fixed the definition but due to broken implementations being widespread, it appears impossible to ever extend SNI. 3) Annotate resumption behaviour. OpenSSL doesn't currently handle all extensions correctly upon resumption. Annotate for further clean-up. 4) Send an alert on ALPN protocol mismatch. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2015-09-22 15:20:26 +0200
committer: Emilia Kasper <emilia@openssl.org> 2016-03-03 13:53:26 +0100
commit: 062178678f5374b09f00d70796f6e692e8775aca (patch)
tree: ae299cf72a32514f7e5315af16977976f6083c86 /CHANGES
parent: d6c2587967f93f2f9c226bda9139ae427698f20f (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0b8c558b06..618655816f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.2g and 1.1.0  [xx XXX xxxx]
 
+  *) If the server has ALPN configured, but supports no protocols that the
+     client advertises, send a fatal "no_application_protocol" alert.
+     This behaviour is SHALL in RFC 7301, though it isn't universally
+     implemented by other servers.
+     [Emilia Käsper]
+
   *) Add X25519 support.
      Integrate support for X25519 into EC library. This includes support
      for public and private key encoding using the format documented in
author	Emilia Kasper <emilia@openssl.org>	2015-09-22 15:20:26 +0200
committer	Emilia Kasper <emilia@openssl.org>	2016-03-03 13:53:26 +0100
commit	062178678f5374b09f00d70796f6e692e8775aca (patch)
tree	ae299cf72a32514f7e5315af16977976f6083c86 /CHANGES
parent	d6c2587967f93f2f9c226bda9139ae427698f20f (diff)