path: root/lib/libssl/ssl_clnt.c
author tb <tb@openbsd.org> 2021-03-27 17:56:28 +0000
committer tb <tb@openbsd.org> 2021-03-27 17:56:28 +0000
commit b0828d45f91367dfdcbaa36107b95c7001513ed5
tree c366e66b94c554be014e7c8f1555513187109db0 /lib/libssl/ssl_clnt.c
parent Fix SDMMC_DEBUG build
Garbage collect s->internal->type

This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for...

The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this.

This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit.

ok jsing
Diffstat (limited to 'lib/libssl/ssl_clnt.c')
-rw-r--r-- lib/libssl/ssl_clnt.c 4
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 984ade0957e..63adacd9cf6 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.88 2021/03/24 18:44:00 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.89 2021/03/27 17:56:28 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -226,8 +226,6 @@ ssl3_connect(SSL *s)
goto end;
}
- s->internal->type = SSL_ST_CONNECT;
-
if (!ssl3_setup_init_buffer(s)) {
ret = -1;
goto end;
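Review bot: Dropping `s->internal->type = SSL_ST_CONNECT;` from ssl3_connect() is only safe if every remaining reader of that field was converted to s->server in the same commit, and this view is limited to ssl_clnt.c, so that cannot be confirmed from these lines. The commit message names the previous_{client,server}_finished handling and SSL_get_client_CA_list() as the consumers; please check that both now branch on s->server and that the struct member itself is removed, so that any leftover use fails at compile time instead of silently reading zero. Since the message also says renegotiation stayed broken for more than a year without being noticed, a regression test that renegotiates as a client and checks that the client's and the server's verify_data end up in separate buffers would be worth adding alongside this change.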