From 60cbadef599c8f0c759c008b22e75c71e2ad9134 Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Thu, 6 Feb 2020 16:05:59 +0000 Subject: Add a workaround to make SSL_set_session() work with TLSv1.3. While we do not currently do session resumption, just return the TLS_client_method() or TLS_server_method() when asked for a method that does TLSv1.3. ok tb@ (who also arrived at the same diff) --- lib/libssl/ssl_methods.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c index 208de33c017..276fcc66d84 100644 --- a/lib/libssl/ssl_methods.c +++ b/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.11 2020/01/23 10:48:37 jsing Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.12 2020/02/06 16:05:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -366,6 +366,10 @@ static const SSL_METHOD TLSv1_2_client_method_data = { const SSL_METHOD * tls1_get_client_method(int ver) { +#ifdef LIBRESSL_HAS_TLS1_3_CLIENT + if (ver == TLS1_3_VERSION) + return (TLS_client_method()); +#endif if (ver == TLS1_2_VERSION) return (TLSv1_2_client_method()); if (ver == TLS1_1_VERSION) @@ -734,6 +738,10 @@ static const SSL_METHOD TLSv1_2_server_method_data = { const SSL_METHOD * tls1_get_server_method(int ver) { +#ifdef LIBRESSL_HAS_TLS1_3_SERVER + if (ver == TLS1_3_VERSION) + return (TLS_server_method()); +#endif if (ver == TLS1_2_VERSION) return (TLSv1_2_server_method()); if (ver == TLS1_1_VERSION) -- cgit v1.2.3