On 22/11/2018 15:58, Pfluegl, Andreas wrote:
>
> I expect server_parse_cb() returning 0 to cause the interruption of the
> connection.
>
> Can you confirm this?
Yes. According to the docs:
"If the B<parse_cb> considers the extension data acceptable it must return 1. If
it returns 0 or a negative value a fatal handshake error occurs using the TLS
alert value specified in B<*al>."
https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_add_server_custom_ext.html
>
> Here I am missing server_parse_cb() (see Server trace scenario 1)
When a client receives a HelloRequest message it will send a new ClientHello and
attempt to resume the connection. The attempt at resumption does not occur when
a reneg is initiated from the client side unless you call
SSL_renegotiate_abbreviated() instead of SSL_renegotiate().
If the attempt at resumption is successful then custom extension parsing does
not get invoked on the server side. This is by design:
https://github.com/openssl/openssl/blob/0fbe8491fc05d280a1f00bfc26dd3c3a6c63f04a/ssl/t1_lib.c#L2314-L2325
Unfortunately the docs in 1.1.0 are a bit lacking on this point. They have been
significantly revised and updated in 1.1.1 and hopefully this is a little more
obvious. In particular note that the 1.1.1 flag SSL_EXT_IGNORE_ON_RESUMPTION is
automatically set when calling SSL_CTX_add_server_custom_ext(). This is so that
the behaviour is backwards compatible with 1.1.0:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_add_custom_ext.html
In 1.1.1 we have the new function SSL_CTX_add_custom_ext() which (among other
things) allows you to control whether the callback is called during resumption
or not. See the doc link above.
So, in order to solve your problem, I see 2 possible solutions:
1) Upgrade to 1.1.1 and use the new SSL_CTX_add_custom_ext() API.
or
2) Invalidate any sessions in the session cache for old connections that were
established using the old certificate. You'll need to some additional custom
code to track that I imagine. You'll also need to avoid session tickets for that
to work.
Probably the upgrade to 1.1.1 is your best bet since 1.1.0 is only supported
until September 2019 anyway.
Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
