| | | |
|---|---|---|
| author | Matt Caswell <matt@openssl.org> | 2018-09-07 15:17:34 +0100 |
| committer | Matt Caswell <matt@openssl.org> | 2018-09-07 18:24:59 +0100 |
| commit | f01344cb5c6239af0d406f48d65362d0df9627b5 (patch) | |
| tree | 54f51286ca17243df77c04cc82cb3ad5222a0228 /ssl | |
| parent | 328a0547ad61d9e260fca73a280d2288714f2b92 (diff) | |
| download | openssl-f01344cb5c6239af0d406f48d65362d0df9627b5.tar.gz | |
Do not reset SNI data in SSL_do_handshake()

PR #3783 introduced code to reset the server side SNI state in
SSL_do_handshake() to ensure any erroneous config time SNI changes are
cleared. Unfortunately SSL_do_handshake() can be called mid-handshake
multiple times so this is the wrong place to do this and can mean that
any SNI data is cleared later on in the handshake too.

Therefore move the code to a more appropriate place.

Fixes #7014

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7149)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 6 |
-rw-r--r-- | ssl/statem/extensions.c | 6 |
2 files changed, 5 insertions, 7 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3d25da637d..d75158e30c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3559,12 +3559,6 @@ int SSL_do_handshake(SSL *s) s->method->ssl_renegotiate_check(s, 0); - if (SSL_is_server(s)) { - /* clear SNI settings at server-side */ - OPENSSL_free(s->ext.hostname); - s->ext.hostname = NULL; - } - if (SSL_in_init(s) || SSL_in_before(s)) { if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index cd4f078cf3..8422161dc1 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -904,9 +904,13 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent) static int init_server_name(SSL *s, unsigned int context) { - if (s->server) + if (s->server) { s->servername_done = 0; + OPENSSL_free(s->ext.hostname); + s->ext.hostname = NULL; + } + return 1; } |
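
Review bot: No regression test accompanies the removal of the server-side `OPENSSL_free(s->ext.hostname)` block from SSL_do_handshake() in ssl/ssl_lib.c, at least in what is shown here (the diffstat is limited to ssl/). Suggest a test for #7014 that drives a server handshake through several SSL_do_handshake() calls, for example with non-blocking I/O, and checks that the SNI hostname is still set later in the handshake and once it completes.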
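
Review bot: In init_server_name() in ssl/statem/extensions.c, the moved reset lost its explanatory comment, and it now sits under `if (s->server)` where the removed code tested `SSL_is_server(s)`. Suggest restoring a comment along the lines of `/* clear SNI settings at server-side */`, extended to say the reset lives here because SSL_do_handshake() can be called multiple times mid-handshake, and confirming that the two server checks are equivalent at this point.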