[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Fri Mar 27 16:24:58 UTC 2020


The branch master has been updated
       via  9e885a707d604e9528b5491b78fb9c00f41193fc (commit)
      from  9e2c03582de42e8ac5aa23412affcb9645395e94 (commit)


- Log -----------------------------------------------------------------
commit 9e885a707d604e9528b5491b78fb9c00f41193fc
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Thu Mar 26 15:59:00 2020 +0100

    s_server: Properly indicate ALPN protocol mismatch
    
    Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
    an alert is sent to the client on ALPN protocol mismatch.
    
    Fixes: #2708
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11415)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index bcc83e562c..591c6c19c5 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
     if (SSL_select_next_proto
         ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
          inlen) != OPENSSL_NPN_NEGOTIATED) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
     }
 
     if (!s_quiet) {


More information about the openssl-commits mailing list