source-git / openssl

Clone
Source Code
GIT

Blame SPECS/openssl-1.1.1-alpn-cb.patch

c8 c8s master
  1.   3c126e197bf64be56e1432546d39885b80b61a84
  2.   SPECS
  3.   openssl-1.1.1-alpn-cb.patch
Blob History Raw
Packit Service 084de1 
commit 9e885a707d604e9528b5491b78fb9c00f41193fc
Packit Service 084de1 
Author: Tomas Mraz <tmraz@fedoraproject.org>
Packit Service 084de1 
Date:   Thu Mar 26 15:59:00 2020 +0100
Packit Service 084de1
Packit Service 084de1 
    s_server: Properly indicate ALPN protocol mismatch
Packit Service 084de1
Packit Service 084de1 
    Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
Packit Service 084de1 
    an alert is sent to the client on ALPN protocol mismatch.
Packit Service 084de1
Packit Service 084de1 
    Fixes: #2708
Packit Service 084de1
Packit Service 084de1 
    Reviewed-by: Matt Caswell <matt@openssl.org>
Packit Service 084de1 
    (Merged from https://github.com/openssl/openssl/pull/11415)
Packit Service 084de1
Packit Service 084de1 
diff --git a/apps/s_server.c b/apps/s_server.c
Packit Service 084de1 
index bcc83e562c..591c6c19c5 100644
Packit Service 084de1 
--- a/apps/s_server.c
Packit Service 084de1 
+++ b/apps/s_server.c
Packit Service 084de1 
@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
Packit Service 084de1 
     if (SSL_select_next_proto
Packit Service 084de1 
         ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
Packit Service 084de1 
          inlen) != OPENSSL_NPN_NEGOTIATED) {
Packit Service 084de1 
-        return SSL_TLSEXT_ERR_NOACK;
Packit Service 084de1 
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
Packit Service 084de1 
     }
Packit Service 084de1
Packit Service 084de1 
     if (!s_quiet) {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation