diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2021-01-09 10:41:49 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2021-01-09 10:41:49 +0000 |
commit | 98150b09ae1b7114ce4470ac99cc62e65e51673f (patch) | |
tree | f178f9a831985a3756b16088a3fe1504c4d28c5b | |
parent | 53b9ea468ba8d5eceadb843727abda8e233eb13e (diff) |
Add support for SSL_get_shared_ciphers() in TLSv1.3
As reported by Steffen Ullrich and bluhm, since enabling TLSv1.3 server
some tests fail in t/local/07_sslecho.c of security/p5-Net-SSLeay due
to missing support for SSL_get_shared_ciphers(). This fixes the parts
related to shared ciphers.
ok beck inoguchi jsing
-rw-r--r-- | lib/libssl/tls13_server.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 2062d4956cd..0b079c1d834 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.68 2021/01/07 16:26:31 tb Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.69 2021/01/09 10:41:48 tb Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -250,6 +250,10 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } S3I(s)->hs.new_cipher = cipher; + sk_SSL_CIPHER_free(s->session->ciphers); + s->session->ciphers = ciphers; + ciphers = NULL; + /* Ensure only the NULL compression method is advertised. */ if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only, sizeof(tls13_compression_null_only))) { |