wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell c9a826d28f Don't write the tick_identity to the session 
Sessions must be immutable once they can be shared with multiple threads.
We were breaking that rule by writing the ticket index into it during the
handshake. This can lead to incorrect behaviour, including failed
connections in multi-threaded environments.

Reported by David Benjamin.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8383)

(cherry picked from commit c96ce52ce2)
2019-03-05 14:28:27 +00:00
..
record Update copyright year 2019-02-26 14:05:09 +00:00
statem Don't write the tick_identity to the session 2019-03-05 14:28:27 +00:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c Update copyright year 2018-11-20 13:27:36 +00:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Update copyright year 2018-04-17 15:18:40 +02:00
packet_locl.h Update copyright year 2018-09-11 13:45:17 +01:00
pqueue.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
s3_cbc.c Update copyright year 2018-11-20 13:27:36 +00:00
s3_enc.c Update copyright year 2019-02-26 14:05:09 +00:00
s3_lib.c Fix wrong return value in ssl3_ctx_ctrl 2018-11-22 01:05:43 +08:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c Don't use OPENSSL_strdup() for copying alpn_selected 2018-06-21 11:07:45 +01:00
ssl_cert.c Separate ca_names handling for client and server 2018-11-12 14:38:47 +00:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c Update copyright year 2019-02-26 14:05:09 +00:00
ssl_conf.c Add the ability to configure anti-replay via SSL_CONF 2018-07-02 15:06:12 +01:00
ssl_err.c Don't interleave handshake and other record types in TLSv1.3 2019-02-19 09:37:29 +00:00
ssl_init.c Update copyright year 2019-02-26 14:05:09 +00:00
ssl_lib.c Update copyright year 2019-02-26 14:05:09 +00:00
ssl_locl.h Don't write the tick_identity to the session 2019-03-05 14:28:27 +00:00
ssl_mcnf.c Move the loading of the ssl_conf module to libcrypto 2018-04-05 15:30:12 +01:00
ssl_rsa.c Update copyright year 2018-03-20 13:08:46 +00:00
ssl_sess.c ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. 2018-08-07 09:08:23 +02:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Address coverity-reported NULL dereference in SSL_SESSION_print() 2018-07-01 18:20:11 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Update copyright year 2019-02-26 14:05:09 +00:00
t1_lib.c Honour mandatory digest on private key in has_usable_cert() 2018-11-24 08:49:32 +02:00
t1_trce.c Fix ssl/t1_trce.c to parse certificate chains 2018-09-01 08:58:42 +08:00
tls13_enc.c Update copyright year 2019-02-26 14:05:09 +00:00
tls_srp.c Use the private RNG for data that is not public 2018-04-02 22:22:43 +02:00