authorTheo Buehler <tb@cvs.openbsd.org>2021-01-09 10:41:49 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2021-01-09 10:41:49 +0000
commit98150b09ae1b7114ce4470ac99cc62e65e51673f (patch)
treef178f9a831985a3756b16088a3fe1504c4d28c5b
parent53b9ea468ba8d5eceadb843727abda8e233eb13e (diff)
Add support for SSL_get_shared_ciphers() in TLSv1.3
As reported by Steffen Ullrich and bluhm, since enabling TLSv1.3 server some tests fail in t/local/07_sslecho.c of security/p5-Net-SSLeay due to missing support for SSL_get_shared_ciphers(). This fixes the parts related to shared ciphers. ok beck inoguchi jsing
-rw-r--r--lib/libssl/tls13_server.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 2062d4956cd..0b079c1d834 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.68 2021/01/07 16:26:31 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.69 2021/01/09 10:41:48 tb Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -250,6 +250,10 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
}
S3I(s)->hs.new_cipher = cipher;
+ sk_SSL_CIPHER_free(s->session->ciphers);
+ s->session->ciphers = ciphers;
+ ciphers = NULL;
+
/* Ensure only the NULL compression method is advertised. */
if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only,
sizeof(tls13_compression_null_only))) {
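Review bot: The three lines added after `S3I(s)->hs.new_cipher = cipher;` hand ownership of the parsed client cipher stack to `s->session` without saying so. The `ciphers = NULL;` only makes sense to a reader who knows the function's cleanup code, which lies outside this hunk and presumably frees `ciphers`. A short comment would make the hand-off auditable, e.g. `/* The session now owns the client's cipher list; clear the local so it is not freed again on exit. */`. `s->session` is also dereferenced here without a check, and the hunk does not show where the session is allocated, so it is worth confirming it is always non-NULL by the time a ClientHello is processed. tls13_client_hello_process starts and ends outside the hunk.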