diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2020-12-01 07:46:03 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-12-01 07:46:03 +0000 |
| commit | d5b0b7e0a8bb6ff7070a28433c8da7898149c40c (patch) | |
| tree | 8be4f4b7425464485e903b65e02e84542237ab47 /lib/libc | |
| parent | b553d9eea1ca9236e2996595c94d6ef427ed8d06 (diff) | |
Bring back *_client_method() structs
The method unification broke an API promise of SSL_is_server(). According
to the documentation, calling SSL_is_server() on SSL objects constructed
from generic and server methods would result in 1 even before any call to
SSL_set_accept_state(). This means the information needs to be available
when SSL_new() is called, so must come from the method itself.
Prior to the method unification, s->server would be set to 0 or 1 in
SSL_new() depending on whether the accept method was undefined or not.
Instead, introduce a flag to the internal structs to distinguish client
methods from server and generic methods and copy that flag to s->server in
SSL_new().
This problem was reported to otto due to breakage of DoH in net/dnsdist.
The reason for this is that www/h2o relies on SSL_is_server() to decide
whether to call SSL_accept() or SSL_connect(). Thus, the h2o server would
end up responding to a ClientHello with another ClientHello, which results
in a handshake failure. The bandaid applied to www/h2o can be removed once
this fix has made it into snaps. No other breakage is known.
This commit brings back only about half of the duplication removed in the
method unification, so is preferable to a full revert.
ok jsing
Diffstat (limited to 'lib/libc')
0 files changed, 0 insertions, 0 deletions