diff options
author | Todd Short <tshort@akamai.com> | 2016-03-05 08:47:55 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-03-08 09:24:56 -0500 |
commit | 1316ca80f4e1dc9339572c780d495f995fe0bad0 (patch) | |
tree | abf1a69887b37b2d85b2c69698cf58c002209107 /ssl | |
parent | 892b9376b3f6e22ca7d7ea68e1402bf2e91035a9 (diff) | |
download | openssl-1316ca80f4e1dc9339572c780d495f995fe0bad0.tar.gz |
GH787: Fix ALPN
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
that processing
* Add flags to indicate that we actually sent ALPN, to properly error
out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_ciph.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 5059e93748..b26e972697 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -2012,8 +2012,8 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr) { - const SSL_CIPHER *c; - c = ssl->method->get_cipher_by_char(ptr); + const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr); + if (c == NULL || c->valid == 0) return NULL; return c; @@ -2037,10 +2037,8 @@ int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c) int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) { - int i; - if (c == NULL) - return NID_undef; - i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac); + int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac); + if (i == -1) return NID_undef; return ssl_cipher_table_mac[i].nid; @@ -2049,6 +2047,7 @@ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c) { int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey); + if (i == -1) return NID_undef; return ssl_cipher_table_kx[i].nid; @@ -2056,7 +2055,8 @@ int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c) int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c) { - int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_auth); + int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth); + if (i == -1) return NID_undef; return ssl_cipher_table_kx[i].nid; |