wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell f8affa2995 Don't send a status_request extension in a CertificateRequest message 
If a TLSv1.3 server configured to respond to the status_request extension
also attempted to send a CertificateRequest then it was incorrectly
inserting a non zero length status_request extension into that message.

The TLSv1.3 RFC does allow that extension in that message but it must
always be zero length.

In fact we should not be sending the extension at all in that message
because we don't support it.

Fixes #9767

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9780)

(cherry picked from commit debb64a0ca43969eb3f043aa8895a4faa7f12b6e)
2019-09-06 10:12:51 +01:00
..
record Fix SSL_MODE_RELEASE_BUFFERS functionality 2019-08-05 17:17:25 +01:00
statem Don't send a status_request extension in a CertificateRequest message 2019-09-06 10:12:51 +01:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c Update copyright year 2018-11-20 13:27:36 +00:00
d1_msg.c issue-8998: Ensure that the alert is generated and reaches the remote 2019-05-30 11:37:42 +01:00
d1_srtp.c
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Update copyright year 2018-04-17 15:18:40 +02:00
packet_locl.h Update copyright year 2018-09-11 13:45:17 +01:00
pqueue.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
s3_cbc.c Update copyright year 2018-11-20 13:27:36 +00:00
s3_enc.c Update copyright year 2019-02-26 14:05:09 +00:00
s3_lib.c Fix the return value for SSL_get0_chain_certs() 2019-07-17 12:38:46 +01:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c Don't use OPENSSL_strdup() for copying alpn_selected 2018-06-21 11:07:45 +01:00
ssl_cert.c Move 'shared_sigalgs' from cert_st to ssl_st 2019-06-26 13:00:27 -05:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list 2019-09-04 16:22:38 +02:00
ssl_conf.c Add the ability to configure anti-replay via SSL_CONF 2018-07-02 15:06:12 +01:00
ssl_err.c Don't interleave handshake and other record types in TLSv1.3 2019-02-19 09:37:29 +00:00
ssl_init.c Update copyright year 2019-02-26 14:05:09 +00:00
ssl_lib.c Fix SSL_CTX_set_session_id_context() docs 2019-07-16 13:58:18 +01:00
ssl_locl.h Remove DRBG from SSL structure. 2019-07-16 13:25:31 +10:00
ssl_mcnf.c Move the loading of the ssl_conf module to libcrypto 2018-04-05 15:30:12 +01:00
ssl_rsa.c Update copyright year 2018-03-20 13:08:46 +00:00
ssl_sess.c Following the previous 2 commits also move ecpointformats out of session 2019-06-18 14:26:16 +01:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Address coverity-reported NULL dereference in SSL_SESSION_print() 2018-07-01 18:20:11 -05:00
ssl_utst.c
t1_enc.c Update copyright year 2019-02-26 14:05:09 +00:00
t1_lib.c Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable() 2019-09-04 16:19:46 +02:00
t1_trce.c Fix ssl/t1_trce.c to parse certificate chains 2018-09-01 08:58:42 +08:00
tls13_enc.c Add missing EBCDIC strings 2019-08-14 10:52:31 +01:00
tls_srp.c Use the private RNG for data that is not public 2018-04-02 22:22:43 +02:00