[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Nov 21 17:53:51 UTC 2017
The branch master has been updated
via 281bf2332caa33184ad611f4f96b3f7fd44d1d29 (commit)
via 3b5873567d24bf0d8bc2a175848e716e295d6c94 (commit)
via bfab12bb7dbd32cb13a8d518f312857ebd045541 (commit)
via b510b740fb4e3cb35e6f297c232c0e776dbcbc71 (commit)
from 665d899fa6d3571da016925067ebcf1789d7d19c (commit)
- Log -----------------------------------------------------------------
commit 281bf2332caa33184ad611f4f96b3f7fd44d1d29
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 14 15:14:51 2017 +0000
If a server is not acknowledging SNI then don't reject early_data
SNI needs to be consistent before we accept early_data. However a
server may choose to not acknowledge SNI. In that case we have to
expect that a client may send it anyway. We change the consistency
checks so that not acknowledging is treated more a like a "wild card",
accepting any SNI as being consistent.
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
commit 3b5873567d24bf0d8bc2a175848e716e295d6c94
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 14 14:21:13 2017 +0000
Provide a more information early_data message in s_server
s_server reported early_data not being sent and early_data being
rejected in the same way, i.e. "No early data received". This is
slightly misleading so this commit provides a different error message
if the early data is rejected.
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
commit bfab12bb7dbd32cb13a8d518f312857ebd045541
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 14 13:55:21 2017 +0000
Allow a client to send early_data with SNI if the session has no SNI
We can only send early_data if the SNI is consistent. However it is valid
for the client to set SNI and the server to not use it. This would still be
counted as consistent. OpenSSL client was being overzealous in this check
and disallowing this scenario.
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
commit b510b740fb4e3cb35e6f297c232c0e776dbcbc71
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 14 13:43:42 2017 +0000
Ignore the session when setting SNI in s_client
As per this comment:
https://github.com/openssl/openssl/issues/4496#issuecomment-337767145
Since the server is entitled to reject our session our ClientHello
should include everything that we would want if a full handshake were
to happen. Therefore we shouldn't use the session as a source of
information for setting SNI.
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 11 -----------
apps/s_server.c | 10 +++++++---
ssl/statem/extensions.c | 2 --
ssl/statem/extensions_clnt.c | 15 ++++++++-------
test/recipes/70-test_sslmessages.t | 3 +--
test/recipes/70-test_tls13messages.t | 6 ++----
test/sslapitest.c | 11 ++++++-----
7 files changed, 24 insertions(+), 34 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index 7c0639f..fcab44c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1923,18 +1923,7 @@ int s_client_main(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
- /* By default the SNI should be the same as was set in the session */
- if (!noservername && servername == NULL) {
- servername = SSL_SESSION_get0_hostname(sess);
- if (servername == NULL) {
- /*
- * Force no SNI to be sent so we are consistent with the
- * session.
- */
- noservername = 1;
- }
- }
SSL_SESSION_free(sess);
}
diff --git a/apps/s_server.c b/apps/s_server.c
index 86fed6f..5095bab 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2340,10 +2340,14 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
(void)BIO_flush(bio_s_out);
}
}
- if (write_header)
- BIO_printf(bio_s_out, "No early data received\n");
- else
+ if (write_header) {
+ if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT)
+ BIO_printf(bio_s_out, "No early data received\n");
+ else
+ BIO_printf(bio_s_out, "Early data was rejected\n");
+ } else {
BIO_printf(bio_s_out, "\nEnd of early data\n");
+ }
if (SSL_is_init_finished(con))
print_connection_info(con);
}
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 1c34141..a72859c 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -911,8 +911,6 @@ static int final_server_name(SSL *s, unsigned int context, int sent,
case SSL_TLSEXT_ERR_NOACK:
s->servername_done = 0;
- if (s->server && s->session->ext.hostname != NULL)
- s->ext.early_data_ok = 0;
return 1;
default:
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index a690751..0dc1c49 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -736,13 +736,14 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
edsess = s->session->ext.max_early_data != 0 ? s->session : psksess;
s->max_early_data = edsess->ext.max_early_data;
- if ((s->ext.hostname == NULL && edsess->ext.hostname != NULL)
- || (s->ext.hostname != NULL
- && (edsess->ext.hostname == NULL
- || strcmp(s->ext.hostname, edsess->ext.hostname) != 0))) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
- SSL_R_INCONSISTENT_EARLY_DATA_SNI);
- return EXT_RETURN_FAIL;
+ if (edsess->ext.hostname != NULL) {
+ if (s->ext.hostname == NULL
+ || (s->ext.hostname != NULL
+ && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+ SSL_R_INCONSISTENT_EARLY_DATA_SNI);
+ return EXT_RETURN_FAIL;
+ }
}
if ((s->ext.alpn == NULL && edsess->ext.alpn_selected != NULL)) {
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index 5ddf384..e3eadfa 100644
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -164,8 +164,7 @@ $proxy->clientflags("-no_tls1_3 -sess_in ".$session);
$proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
- & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION
- & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
+ & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION,
"Resumption handshake test");
unlink $session;
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t
index 239eabf..aaecbd3 100644
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
@@ -167,8 +167,7 @@ $proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
(checkhandshake::DEFAULT_EXTENSIONS
| checkhandshake::PSK_CLI_EXTENSION
- | checkhandshake::PSK_SRV_EXTENSION)
- & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
+ | checkhandshake::PSK_SRV_EXTENSION),
"Resumption handshake test");
#Test 3: A status_request handshake (client request only)
@@ -312,8 +311,7 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
(checkhandshake::DEFAULT_EXTENSIONS
| checkhandshake::KEY_SHARE_HRR_EXTENSION
| checkhandshake::PSK_CLI_EXTENSION
- | checkhandshake::PSK_SRV_EXTENSION)
- & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
+ | checkhandshake::PSK_SRV_EXTENSION),
"Resumption handshake with HRR test");
#Test 16: Acceptable but non preferred key_share
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 706f277..5ba5f6e 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1961,13 +1961,11 @@ static int test_early_data_not_sent(int idx)
return testresult;
}
-static const char *servhostname;
-
static int hostname_cb(SSL *s, int *al, void *arg)
{
const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (hostname != NULL && strcmp(hostname, servhostname) == 0)
+ if (hostname != NULL && strcmp(hostname, "goodhost") == 0)
return SSL_TLSEXT_ERR_OK;
return SSL_TLSEXT_ERR_NOACK;
@@ -2024,7 +2022,6 @@ static int test_early_data_psk(int idx)
&serverssl, &sess, 2)))
goto end;
- servhostname = "goodhost";
servalpn = "goodalpn";
/*
@@ -2069,7 +2066,11 @@ static int test_early_data_psk(int idx)
* Set inconsistent SNI (server detected). In this case the connection
* will succeed but reject early_data.
*/
- servhostname = "badhost";
+ SSL_SESSION_free(serverpsk);
+ serverpsk = SSL_SESSION_dup(clientpsk);
+ if (!TEST_ptr(serverpsk)
+ || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost")))
+ goto end;
edstatus = SSL_EARLY_DATA_REJECTED;
readearlyres = SSL_READ_EARLY_DATA_FINISH;
/* Fall through */
More information about the openssl-commits
mailing list