{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1752650012,
"reponame":"openssl",
"desc":"OpenSSL",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"f68a9524015d631ae4f71269ea1d449a",
"commit": {"type":"commit",
"time": 1513263997,
"time_ofs": 0,
"oid_tree": { "oid": "0a2e56a2614588b59d356945f57f5ce21002cfef", "alias": []},
"oid":{ "oid": "db37d32cb89160328b0ba48e3808f601a7b3ebe8", "alias": []},
"msg": "Send a CCS after ServerHello in TLSv1.3 if using middlebox compat mode",
"sig_commit": { "git_time": { "time": 1513263997, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" },
"sig_author": { "git_time": { "time": 1510153248, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }},
"body": "Send a CCS after ServerHello in TLSv1.3 if using middlebox compat mode\n\nReviewed-by: Ben Kaduk \u003ckaduk@mit.edu\u003e\n(Merged from https://github.com/openssl/openssl/pull/4701)\n"
,
"diff": "diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c\nindex 0f53a47..0cd8ace 100644\n--- a/ssl/ssl_conf.c\n+++ b/ssl/ssl_conf.c\n@@ -592,7 +592,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] \u003d {\n SSL_CONF_CMD_SWITCH(\u0022allow_no_dhe_kex\u0022, 0),\n SSL_CONF_CMD_SWITCH(\u0022prioritize_chacha\u0022, SSL_CONF_FLAG_SERVER),\n SSL_CONF_CMD_SWITCH(\u0022strict\u0022, 0),\n- SSL_CONF_CMD_SWITCH(\u0022no_middlebox\u0022, SSL_CONF_FLAG_CLIENT),\n+ SSL_CONF_CMD_SWITCH(\u0022no_middlebox\u0022, 0),\n SSL_CONF_CMD_STRING(SignatureAlgorithms, \u0022sigalgs\u0022, 0),\n SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, \u0022client_sigalgs\u0022, 0),\n SSL_CONF_CMD_STRING(Curves, \u0022curves\u0022, 0),\ndiff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c\nindex 3608309..43ad4a4 100644\n--- a/ssl/statem/statem_srvr.c\n+++ b/ssl/statem/statem_srvr.c\n@@ -403,6 +403,13 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)\n return WRITE_TRAN_CONTINUE;\n \n case TLS_ST_SW_SRVR_HELLO:\n+ if ((s-\u003eoptions \u0026 SSL_OP_ENABLE_MIDDLEBOX_COMPAT) !\u003d 0)\n+ st-\u003ehand_state \u003d TLS_ST_SW_CHANGE;\n+ else\n+ st-\u003ehand_state \u003d TLS_ST_SW_ENCRYPTED_EXTENSIONS;\n+ return WRITE_TRAN_CONTINUE;\n+\n+ case TLS_ST_SW_CHANGE:\n st-\u003ehand_state \u003d TLS_ST_SW_ENCRYPTED_EXTENSIONS;\n return WRITE_TRAN_CONTINUE;\n \n@@ -763,6 +770,12 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)\n sizeof(sctpauthkey), sctpauthkey);\n }\n #endif\n+ if (!SSL_IS_TLS13(s)\n+ || (s-\u003eoptions \u0026 SSL_OP_ENABLE_MIDDLEBOX_COMPAT) !\u003d 0)\n+ break;\n+ /* Fall through */\n+\n+ case TLS_ST_SW_CHANGE:\n /*\n * TODO(TLS1.3): This actually causes a problem. 
We don't yet know\n * whether the next record we are going to receive is an unencrypted\n@@ -783,10 +796,9 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)\n /* SSLfatal() already called */\n return WORK_ERROR;\n }\n+ break;\n }\n- break;\n \n- case TLS_ST_SW_CHANGE:\n #ifndef OPENSSL_NO_SCTP\n if (SSL_IS_DTLS(s) \u0026\u0026 !s-\u003ehit) {\n /*\n","s":{"c":1752650012,"u": 62885}}
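Review bot: The new `TLS_ST_SW_CHANGE` case in `ossl_statem_server13_write_transition` carries no comment saying why a TLSv1.3 server would send a CCS at all. In TLSv1.3 this message exists only for middlebox compatibility and signals no key change, so a reader used to the pre-1.3 meaning of this state can easily misread the branch. I would add above the `if`: `/* Middlebox compat mode: send a dummy CCS after ServerHello; it has no cryptographic meaning in TLSv1.3 */`. The function body continues outside the hunk.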
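Review bot: The `/* Fall through */` added to the `TLS_ST_SW_SRVR_HELLO` case of `ossl_statem_server_post_work` does not say which path falls through, so the reader has to combine the negated guard with the next hunk, where `case TLS_ST_SW_CHANGE:` is removed from its old position and `break;` moves inside the closing brace. As far as the visible lines show, only TLSv1.3 without `SSL_OP_ENABLE_MIDDLEBOX_COMPAT` continues into the code under the new label, while the compat path reaches it later from the CCS state. I would replace the comment with `/* TLSv1.3 without middlebox compat: no CCS is sent, so continue straight into the post-CCS work below */`. The body under the label lies mostly outside both hunks, so it is worth confirming that non-TLSv1.3 connections arriving at `TLS_ST_SW_CHANGE` skip the TLSv1.3 block and still reach the SCTP and cipher-state code after the moved `break;`.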
],"g": 64466,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}