diff options
| author | Emilia Kasper <emilia@openssl.org> | 2015-09-22 15:20:26 +0200 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2016-03-03 13:53:26 +0100 |
| commit | 062178678f5374b09f00d70796f6e692e8775aca (patch) | |
| tree | ae299cf72a32514f7e5315af16977976f6083c86 /ssl/s3_enc.c | |
| parent | make update (diff) | |
| download | openssl-062178678f5374b09f00d70796f6e692e8775aca.tar.xz openssl-062178678f5374b09f00d70796f6e692e8775aca.zip | |
Refactor ClientHello extension parsing
1) Simplify code with better PACKET methods.
2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.
3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.
4) Send an alert on ALPN protocol mismatch.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Diffstat (limited to 'ssl/s3_enc.c')
| -rw-r--r-- | ssl/s3_enc.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index d4d64d0e5e..1c493e2807 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -667,6 +667,8 @@ int ssl3_alert_code(int code) return (TLS1_AD_UNKNOWN_PSK_IDENTITY); case SSL_AD_INAPPROPRIATE_FALLBACK: return (TLS1_AD_INAPPROPRIATE_FALLBACK); + case SSL_AD_NO_APPLICATION_PROTOCOL: + return (TLS1_AD_NO_APPLICATION_PROTOCOL); default: return (-1); } |