authortb <tb@openbsd.org>2019-05-08 23:49:45 +0000
committertb <tb@openbsd.org>2019-05-08 23:49:45 +0000
commit28cac8e17f16b8733f0618ab00078e9d75687df3 (patch)
tree265b147ac7081c98ac42608977f80f1a3058e7bb
parentAdd wait_event_killable(). In linux TASK_KILLABLE only gets fatal (diff)
In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,
it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck
-rw-r--r--lib/libssl/ssl_tlsext.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 0e37cc3cc00..62b8251ec40 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.44 2019/03/25 17:21:18 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.45 2019/05/08 23:49:45 tb Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1822,7 +1822,8 @@ static struct tls_extension tls_extensions[] = {
#ifndef OPENSSL_NO_SRTP
{
.type = TLSEXT_TYPE_use_srtp,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
+ .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH /* XXX */ |
+ SSL_TLSEXT_MSG_EE,
.client = {
.needs = tlsext_srtp_client_needs,
.build = tlsext_srtp_client_build,
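Review bot: The bare `/* XXX */` on the new `.messages` line for `TLSEXT_TYPE_use_srtp` does not say what must be revisited; the reason is recorded only in the commit message. RFC 8446 lists use_srtp for ClientHello and EncryptedExtensions only, and the TLSv1.3 ServerHello is sent unencrypted. If this mask is the only gate on where the extension may appear (the checking code is not visible in this hunk), a TLSv1.3 handshake would also accept or emit it in ServerHello. I would spell that out in place, e.g. `/* XXX: SH is needed for DTLS (RFC 5764) only; TLSv1.3 allows use_srtp in CH and EE, so drop or version-gate SH once the 1.3 server lands */`. The `tls_extensions[]` initializer starts and ends outside the hunk, so it is not possible to tell from here whether other entries carry a similar temporary mask.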