diff options
author | Paul Yang <paulyang.inf@gmail.com> | 2017-06-16 18:12:02 +0800 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-06-16 17:00:22 -0400 |
commit | 837f87c217fd595c814c4e1ab47ec1842d29b60d (patch) | |
tree | 06f5a526fb5715cf9eeb8d0811d793fb31b59b10 /apps | |
parent | 6ea3bca427b3e759939a63555821d0c4678dd79c (diff) |
Forbid to specify -nextprotoneg if -tls1_3 is enabled
This applies both to s_client and s_server app.
Reaction to Issue #3665.
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3697)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_client.c | 6 | ||||
-rw-r--r-- | apps/s_server.c | 6 |
2 files changed, 12 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 8af3853e4b..ad0eaec562 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1424,6 +1424,12 @@ int s_client_main(int argc, char **argv) if (argc != 0) goto opthelp; +#ifndef OPENSSL_NO_NEXTPROTONEG + if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { + BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); + goto opthelp; + } +#endif if (proxystr != NULL) { int res; char *tmp_host = host, *tmp_port = port; diff --git a/apps/s_server.c b/apps/s_server.c index 26947c31f3..930ef6e4a8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1536,6 +1536,12 @@ int s_server_main(int argc, char *argv[]) argc = opt_num_rest(); argv = opt_rest(); +#ifndef OPENSSL_NO_NEXTPROTONEG + if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { + BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); + goto opthelp; + } +#endif #ifndef OPENSSL_NO_DTLS if (www && socket_type == SOCK_DGRAM) { BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n"); |