[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Thu Sep 13 10:00:31 UTC 2018

The branch OpenSSL_1_1_1-stable has been updated
       via  76864436b35e7aec867d85b967e9d6c0d7294c53 (commit)
      from  3e9a0eb2c86641f5777dcbd8a51d7643f8c71540 (commit)


- Log -----------------------------------------------------------------
commit 76864436b35e7aec867d85b967e9d6c0d7294c53
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Sep 12 17:11:10 2018 +0100

    Don't allow -early_data with other options where it doesn't work
    
    -early_data is not compatible with -www, -WWW, -HTTP or -rev.
    
    Fixes #7200
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7206)
    
    (cherry picked from commit 6ef40f1fc08f0c4ffb08438d63eed83eae7eb2b8)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_server.c       |  5 +++++
 doc/man1/s_server.pod | 14 +++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index e3bb1a6..6f2a2ae 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1622,6 +1622,11 @@ int s_server_main(int argc, char *argv[])
         goto end;
     }
 #endif
+    if (early_data && (www > 0 || rev)) {
+        BIO_printf(bio_err,
+                   "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+        goto end;
+    }
 
 #ifndef OPENSSL_NO_SCTP
     if (protocol == IPPROTO_SCTP) {
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index 07016fc..f4c4eda 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -405,13 +405,14 @@ Inhibit printing of session and certificate information.
 Sends a status message back to the client when it connects. This includes
 information about the ciphers used and various session parameters.
 The output is in HTML format so this option will normally be used with a
-web browser.
+web browser. Cannot be used in conjunction with B<-early_data>.
 
 =item B<-WWW>
 
 Emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the URL https://myhost/page.html is
-requested the file ./page.html will be loaded.
+requested the file ./page.html will be loaded. Cannot be used in conjunction
+with B<-early_data>.
 
 =item B<-tlsextdebug>
 
@@ -423,7 +424,8 @@ Emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the URL https://myhost/page.html is
 requested the file ./page.html will be loaded. The files loaded are
 assumed to contain a complete and correct HTTP response (lines that
-are part of the HTTP response line and headers must end with CRLF).
+are part of the HTTP response line and headers must end with CRLF). Cannot be
+used in conjunction with B<-early_data>.
 
 =item B<-id_prefix val>
 
@@ -488,7 +490,8 @@ output.
 =item B<-rev>
 
 Simple test server which just reverses the text received from the client
-and sends it back to the server. Also sets B<-brief>.
+and sends it back to the server. Also sets B<-brief>. Cannot be used in
+conjunction with B<-early_data>.
 
 =item B<-async>
 
@@ -711,7 +714,8 @@ greater than or equal to 0.
 
 =item B<-early_data>
 
-Accept early data where possible.
+Accept early data where possible. Cannot be used in conjunction with B<-www>,
+B<-WWW>, B<-HTTP> or B<-rev>.
 
 =item B<-anti_replay>, B<-no_anti_replay>
 
