author | 2020-05-29 17:47:30 +0000 | |
---|---|---|
committer | 2020-05-29 17:47:30 +0000 | |
commit | e4de2a75b8d7ed4398f6c5128524d6043eeab667 (patch) | |
tree | b869b7a7367f6bfe1846aa4b5b6b21c3346de935 /lib/libssl/tls13_server.c | |
parent | Mop up servername_done, which is unused. (diff) | |
Wire up the servername callback in the TLSv1.3 server.
This makes SNI work correctly with TLSv1.3.
Found the hard way by danj@, gonzalo@ and others.
ok beck@ inoguchi@ tb@
Diffstat (limited to 'lib/libssl/tls13_server.c')
-rw-r--r-- | lib/libssl/tls13_server.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 621e51d5011..181ba583a06 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.53 2020/05/23 11:58:46 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.54 2020/05/29 17:47:30 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -373,6 +373,19 @@ tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
 return 1;
 }
+static int
+tls13_servername_process(struct tls13_ctx *ctx)
+{
+ uint8_t alert = TLS13_ALERT_INTERNAL_ERROR;
+
+ if (!tls13_legacy_servername_process(ctx, &alert)) {
+ ctx->alert = alert;
+ return 0;
+ }
+
+ return 1;
+}
+
 int
 tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 {
@@ -380,6 +393,8 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 return 0;
 if (!tls13_key_share_generate(ctx->hs->key_share))
 return 0;
+ if (!tls13_servername_process(ctx))
+ return 0;
 ctx->hs->server_group = 0; |
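Review bot: The new tls13_servername_process() carries no comment, and `ctx->alert = alert` stores whatever tls13_legacy_servername_process() wrote through the pointer without checking it. That function is not part of this diff, so whether it can only ever write a valid TLS 1.3 alert description cannot be confirmed from here and is worth verifying. I would add above the function: `/* Run the servername (SNI) callback; on failure record its alert in ctx->alert, defaulting to internal_error. */`.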
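Review bot: In tls13_server_hello_send() the servername check is placed after `tls13_key_share_generate()`, so a ClientHello whose server name is rejected still costs a key share generation before the handshake is aborted. Unless servername processing depends on the generated key share (nothing visible in this diff suggests it does), move `if (!tls13_servername_process(ctx))` and its `return 0;` ahead of the key share generation so that rejection is the cheaper path. The function body starts before this hunk and continues after it.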