git.librecmc.org Git - oweals/openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Wed, 25 Sep 2019 16:06:06 +0000 (17:06 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 30 Jan 2020 16:07:12 +0000 (16:07 +0000)
commit	e9cd6e763c1dc036d5216ee0e200afa7ec26c60b
tree	12f3fec76f33103005d5f2f663bdb079a2eed1b9	tree \| snapshot
parent	081191e3423ed73b019e7786d68c94c78e61c6d9	commit \| diff

Fix SSL_get_servername() and SNI behaviour

The SNI behaviour for TLSv1.3 and the behaviour of SSL_get_servername()
was not quite right, and not entirely consistent with the RFC.

The TLSv1.3 RFC explicitly says that SNI is negotiated on each handshake
and the server is not required to associate it with the session. This was
not quite reflected in the code so we fix that.

Additionally there were some additional checks around early_data checking
that the SNI between the original session and this session were
consistent. In fact the RFC does not require any such checks, so they are
removed.

Finally the behaviour of SSL_get_servername() was not quite right. The
behaviour was not consistent between resumption and normal handshakes,
and also not quite consistent with historical behaviour. We clarify the
behaviour in various scenarios and also attempt to make it match historical
behaviour as closely as possible.

Fixes #8822

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/10018)

(cherry picked from commit 7955c1f16e72dc944677fd1dbf4b1300e75f1c84)

ssl/ssl_lib.c		diff \| blob \| history
ssl/statem/extensions.c		diff \| blob \| history
ssl/statem/extensions_srvr.c		diff \| blob \| history