[openssl-dev] [openssl.org #2021] sni bug
Peter Sylvester via RT
rt at openssl.org
Sat Feb 6 21:24:26 UTC 2016
On 06/02/2016 15:50, Rich Salz via RT wrote:
> Is this still a bug?
> --
> Rich Salz, OpenSSL dev team; rsalz at openssl.org
>
>
I don't know, there have been many changes to the extension treatment.
I have not followed the stuff for 5 years.
The extension handling is not what I had in the original design and seems to be broken.
There was no split into two functions that communicate through the session.
Some callbacks are done in the check loop (as far as I remember).
Unfortunately this split occurred almost in parallel to our contribution in 2006
when some EC stuff was added.
A correct logic is one single function (the code of check and parse combined) that collects the
values of extensions
and then treats them and calls callbacks in a defined order.
Actually it seems that you could influence the server behaviour if you change the order of
extensions in the clienthello.
sni first or last for example.
That makes server application code difficult.
best
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2021
Please log in as guest with password guest if prompted
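
The design described in the message above (collect all extension values first, then call handlers in a defined order), as an added example that is not part of the original email and is not OpenSSL code. The function names, the dispatch order and the sample byte strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Real IANA type numbers; the dispatch order itself is this example's choice. */
enum { EXT_SERVER_NAME = 0, EXT_SUPPORTED_GROUPS = 10, EXT_EC_POINT_FORMATS = 11 };
#define N_KNOWN 3
static const uint16_t DISPATCH_ORDER[N_KNOWN] =
    { EXT_SERVER_NAME, EXT_SUPPORTED_GROUPS, EXT_EC_POINT_FORMATS };
struct ext_slot { const uint8_t *data; size_t len; int seen; };

/* Constructed inputs with placeholder bodies: SNI first, SNI last, truncated. */
const uint8_t SNI_FIRST[] = { 0,0, 0,1, 0xAA,  0,10, 0,2, 0,23,  0,11, 0,1, 0 };
const uint8_t SNI_LAST[]  = { 0,10, 0,2, 0,23,  0,11, 0,1, 0,  0,0, 0,1, 0xAA };
const uint8_t TRUNCATED[] = { 0,0, 0,5, 0xAA };
uint16_t ORDER[N_KNOWN];  /* scratch buffer recording which handlers ran */

/* Pass 1: walk (type:2, length:2, body) records and only store what was sent.
 * Returns 0, or -1 on truncation or a repeated extension. No callbacks here. */
static int collect_extensions(const uint8_t *p, size_t n, struct ext_slot *slots)
{
    memset(slots, 0, N_KNOWN * sizeof slots[0]);
    while (n > 0) {
        if (n < 4) return -1;
        uint16_t type = (uint16_t)((p[0] << 8) | p[1]);
        size_t len = ((size_t)p[2] << 8) | p[3];
        p += 4; n -= 4;
        if (len > n) return -1;
        for (size_t i = 0; i < N_KNOWN; i++) {
            if (DISPATCH_ORDER[i] != type) continue;
            if (slots[i].seen) return -1;
            slots[i].data = p; slots[i].len = len; slots[i].seen = 1;
        }
        p += len; n -= len;
    }
    return 0;
}

/* Pass 2: run handlers in DISPATCH_ORDER, never in wire order. The stand-in
 * "handler" logs its type into out[]; returns handlers run, or -1. */
int process_extensions(const uint8_t *p, size_t n, uint16_t out[N_KNOWN])
{
    struct ext_slot slots[N_KNOWN];
    int called = 0;
    if (collect_extensions(p, n, slots) != 0) return -1;
    for (size_t i = 0; i < N_KNOWN; i++)
        if (slots[i].seen) out[called++] = DISPATCH_ORDER[i];
    return called;
}
```

Because nothing is invoked during the collection pass, both sample blocks produce the same handler sequence regardless of where the client placed the SNI extension.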