authortb <tb@openbsd.org>2021-01-09 10:41:48 +0000
committertb <tb@openbsd.org>2021-01-09 10:41:48 +0000
commit5fd104f8442d72c14f3d8977782f573409f43c8e (patch)
treed4384423f45f67856b8efdbd474b51bf4834f0d5
parentAlign SSL_get_shared_ciphers() with OpenSSL (diff)
Add support for SSL_get_shared_ciphers() in TLSv1.3
As reported by Steffen Ullrich and bluhm, since enabling TLSv1.3 server some tests fail in t/local/07_sslecho.c of security/p5-Net-SSLeay due to missing support for SSL_get_shared_ciphers(). This fixes the parts related to shared ciphers. ok beck inoguchi jsing
-rw-r--r--lib/libssl/tls13_server.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 2062d4956cd..0b079c1d834 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.68 2021/01/07 16:26:31 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.69 2021/01/09 10:41:48 tb Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -250,6 +250,10 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
}
S3I(s)->hs.new_cipher = cipher;
+ sk_SSL_CIPHER_free(s->session->ciphers);
+ s->session->ciphers = ciphers;
+ ciphers = NULL;
+
/* Ensure only the NULL compression method is advertised. */
if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only,
sizeof(tls13_compression_null_only))) {
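Review bot: The three added lines after `S3I(s)->hs.new_cipher = cipher;` move ownership of the parsed client cipher list to the session, but nothing on them says so. A short comment would make the rule explicit, for example `/* The session now owns the client's cipher list; clear the local so cleanup does not free it again. */`. The `ciphers = NULL;` only matters if the function's exit path frees `ciphers`; that path is outside this hunk, so it is presumably the case but worth confirming. `s->session` is dereferenced without a check, which is safe only if a session is always allocated before tls13_client_hello_process() runs, and that allocation is also not visible here. The function body starts before the hunk and continues past it.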