diff options
| author |   jsing <jsing@openbsd.org> | 2020-05-21 18:34:34 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2020-05-21 18:34:34 +0000 |
| commit | e87fcc9404b1966748b3fae48c229a744508730b (patch) | |
| tree | 51ee5ebaa45afcd9f068648bf7176d7b846cd02a | |
| parent | separate cleanup from exit/signal logic (diff) | |
| download | wireguard-openbsd-e87fcc9404b1966748b3fae48c229a744508730b.tar.xz wireguard-openbsd-e87fcc9404b1966748b3fae48c229a744508730b.zip | |
Actually set the hrr flag when sending a HelloRetryRequest.
Without this, when SNI is in use the second ClientHello will result in an
error.
Found the hard way by sthen@.
ok sthen@ tb@
| -rw-r--r-- | lib/libssl/tls13_server.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 03d0e488ba3..42409edbf79 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.49 2020/05/19 16:35:21 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.50 2020/05/21 18:34:34 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -321,6 +321,8 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) { int nid; + ctx->hs->hrr = 1; + if (!tls13_synthetic_handshake_message(ctx)) return 0; |