mancha1 <at> hush.com via RT <rt <at> openssl.org> writes:
> > Hello. > > OpenSSL 0.9.8y does not properly handle warning level > alerts in SSLv23 client method unlike OpensSSL 1.0.0+. > > For example, when OpenSSL 0.9.8 initiates a connection > using TLS-SNI extensions in "SSLv23 mode" and the server > replies to client hello with an unrecognized_name warning > alert, the handshake terminates client-side. > > This issue has been reported by many clients linked against > OpenSSL 0.9.8 (see footer links). > > When connecting to a server that sends warning-level alerts > on hostname mismatch in TLS-SNI, eg.: > > $ openssl s_client -CApath /etc/ssl -connect \ > $CorrectHostname:443 -servername $InvalidHostname \ > -state < /dev/null 2>&1 | grep -E 'alert|error' > > Current 0.9.8y behavior (output): > SSL3 alert read:warning:unknown > SSL_connect:error in SSLv2/v3 read server hello A > 7632:error:14077458:SSL > routines:SSL23_GET_SERVER_HELLO:reason(1112):s23_clnt.c:602: > > Desired behavior (output) [consistent with OpenSSL 1.0.1e]: > SSL3 alert read:warning:unrecognized name > SSL3 alert write:warning:close notify > > Patch applies cleanly to OpenSSL_0_9_8-stable (HEAD <at> a44c9b9c) > and makes behavior consistent with OpenSSL 1.0.1e. Also, it > adds support for new alerts (RFC 6066 and RFC 4279). > > Please consider its inclusion after appropriate code review. > > --mancha > > Note: A higher-level discussion is whether non-fatal > unrecognized_name alerts should be sent at all. Per RFC 6066, > "If a server name is provided but not recognized, the server > should either continue the handshake without an error or send > a fatal error. Sending a warning-level message is not > recommended because client behavior will be unpredictable." > > ===== > > [1] http://marc.info/?l=openssl-users&m=131736995412529&w=2 > [2] http://sourceforge.net/p/curl/bugs/1037/ > [3] https://bugs.php.net/bug.php?id=61276 > [4] https://github.com/joyent/node/issues/3033 > > Attachment (0001-Fix-handling-of-warning-level-alerts-in-SSL23-client.patch): application/octet-stream, 11 KiB Hello. I never received a reply to this patch submission but wanted to follow up because I am receiving update requests from affected users (e.g. http://sourceforge.net/p/curl/bugs/1037/?page=3). I imagine 0.9.8 is in feature-freeze however I believe this qualifies as a bug-fix more than a feature-enhancement. Would someone let me know if this code might eventually make its way into 0.9.8 so I know how to respond to people requesting status updates from me? Thanks. --mancha ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org