Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, which

is off by default (instead of being enabled unconditionally).

The TLS padding extension was added as a workaround for a bug in F5 SSL
terminators, however appears to trigger bugs in IronPort SMTP appliances.
Now the SSL client gets to choose which of these devices it wants to
trigger bugs in...

Ported from OpenSSL.

Discussed with many.

ok miod@

1 files changed, 13 insertions, 8 deletions

diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index c25f10bfabb..87a65e3db24 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.54 2014/08/07 22:27:28 guenther Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.55 2014/09/21 17:11:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -635,18 +635,24 @@ skip_ext:
 	}
 #endif
 
-#ifdef TLSEXT_TYPE_padding
-	/* Add padding to workaround bugs in F5 terminators.
+	/*
+	 * Add padding to workaround bugs in F5 terminators.
 	 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
 	 *
+	 * Note that this seems to trigger issues with IronPort SMTP
+	 * appliances.
+	 *
 	 * NB: because this code works out the length of all existing
 	 * extensions it MUST always appear last.
 	 */
-	{
+	if (s->options & SSL_OP_TLSEXT_PADDING) {
 		int hlen = ret - (unsigned char *)s->init_buf->data;
-	/* The code in s23_clnt.c to build ClientHello messages includes the
-	 * 5-byte record header in the buffer, while the code in s3_clnt.c does
-	 * not. */
+
+		/*
+		 * The code in s23_clnt.c to build ClientHello messages
+		 * includes the 5-byte record header in the buffer, while the
+		 * code in s3_clnt.c does not.
+		 */
 		if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
 			hlen -= 5;
 		if (hlen > 0xff && hlen < 0x200) {
@@ -662,7 +668,6 @@ skip_ext:
 			ret += hlen;
 		}
 	}
-#endif
 
 	if ((extdatalen = ret - p - 2) == 0)
 		return p;