[openssl-users] Early data based on SNI with OpenSSL 1.1.1

Olivier Houchard cognet at ci0.org
Mon Oct 23 15:16:30 UTC 2017


Hi,

I'm trying to use OpenSSL 1.1.1 to accept or reject early data based on
the SNI, and I'm a bit confused about how to do so.
The problem I have is that I don't know the SNI before the client hello
callback is called, and at that time it seems to be too late to make a
decision about early data. Either the callback is called from
SSL_do_handshake(), and then any call to SSL_read_early_data() will fail
with SSL_ERROR_SSL and early data will be rejected, or it is called if
I call SSL_read_early_data() first, but then early data will be
considered accepted no matter what.

I tried returning -1 from the client hello callback, but if it is called from
SSL_do_handshake() to indicate that early data is to be read, it seems to be too
late to call SSL_read_early_data() anyway, and if it is called from
SSL_read_early_data() to indicate that we should stop reading early data, it
mostly works, except that s->early_data_state will be
SSL_EARLY_DATA_ACCEPT_RETRY, and so any call to SSL_read() will fail
because of this test in ssl_read_internal():

    if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
            || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
        SSLerr(SSL_F_SSL_READ_INTERNAL,
               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
        return 0;
    }

Am I missing something obvious? Is there any way I can accept or reject
early data based on the SNI?

Thanks!

Olivier

