diff options
author | Emilia Kasper <emilia@openssl.org> | 2016-07-04 20:32:28 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-07-19 14:18:03 +0200 |
commit | 70c22888c1648fe8652e77107f3c74bf2212de36 (patch) | |
tree | 009ea0932b1ae55cd0063c77d0549b66d2fdd3e7 /ssl/statem | |
parent | ce2cdac2787da32bcde210c7d6acdcbe41b1cd40 (diff) |
Fix two bugs in clienthello processing
- Always process ALPN (previously there was an early return in the
certificate status handling)
- Don't send a duplicate alert. Previously, both
ssl_check_clienthello_tlsext_late and its caller would send an
alert. Consolidate alert sending code in the caller.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index a45acbd30c..b5cfc4f220 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1454,7 +1454,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) /* Handles TLS extensions that we couldn't check earlier */ if (s->version >= SSL3_VERSION) { - if (ssl_check_clienthello_tlsext_late(s) <= 0) { + if (!ssl_check_clienthello_tlsext_late(s, &al)) { SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); goto f_err; |