CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2021/03/27 11:56:28

Modified files:
        lib/libssl     : ssl_both.c ssl_cert.c ssl_clnt.c ssl_lib.c
                         ssl_locl.h ssl_srvr.c

Log message:
Garbage collect s->internal->type

This variable is used in the legacy stack to decide whether we are a
server or a client. That's what s->server is for...

The new TLSv1.3 stack failed to set s->internal->type, which resulted
in hilarious mishandling of previous_{client,server}_finished. Indeed,
both client and server would first store the client's verify_data in
previous_server_finished and later overwrite it with the server's
verify_data.

Consequently, renegotiation has been completely broken for more than
a year. In fact, server side renegotiation was broken during the 6.5
release cycle. Clearly, no-one uses this.

This commit fixes client side renegotiation and restores the previous
behavior of SSL_get_client_CA_list(). Server side renegotiation will
be fixed in a later commit.

ok jsing
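
The slot mix-up described in the log message, as an added example that is not part of the commit or of libssl's code: a simplified C model in which a role field left unset sends both verify_data values to the server slot, next to the same logic keyed on a server flag. All names (`struct conn`, `store_finished`, `handshake_state_ok`) and the sample verify_data bytes are assumptions, and the model covers only where verify_data is stored, not the renegotiation handshake itself.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model; every name here is hypothetical, not libssl's. */
#define VD_LEN 12 /* verify_data length in TLS 1.2 */
enum role { ROLE_UNSET = 0, ROLE_CLIENT, ROLE_SERVER };
struct conn {
    enum role type; /* legacy role field, left unset in this scenario */
    int server;     /* 1 on a server, 0 on a client; always set */
    unsigned char prev_client[VD_LEN], prev_server[VD_LEN];
    size_t prev_client_len, prev_server_len;
};

/* Decide whether a Finished message carries the client's verify_data. */
static int from_client(const struct conn *c, int sent, int fixed) {
    if (fixed) /* after: rely on the server flag */
        return sent ? !c->server : c->server;
    /* before: compare the legacy field, which is ROLE_UNSET here */
    return sent ? c->type == ROLE_CLIENT : c->type == ROLE_SERVER;
}

static void store_finished(struct conn *c, int sent, const unsigned char *vd, int fixed) {
    if (from_client(c, sent, fixed)) {
        memcpy(c->prev_client, vd, VD_LEN);
        c->prev_client_len = VD_LEN;
    } else {
        memcpy(c->prev_server, vd, VD_LEN);
        c->prev_server_len = VD_LEN;
    }
}

/* One full handshake (client Finished first), then check that both slots
 * hold what RFC 5746 renegotiation_info needs. Returns 1 if they do. */
int handshake_state_ok(int is_server, int fixed) {
    unsigned char cvd[VD_LEN], svd[VD_LEN]; /* constructed sample values */
    struct conn c = { .server = is_server }; /* type stays ROLE_UNSET */
    memset(cvd, 0xC1, VD_LEN);
    memset(svd, 0x51, VD_LEN);
    store_finished(&c, !is_server, cvd, fixed); /* client Finished */
    store_finished(&c, is_server, svd, fixed);  /* server Finished */
    return c.prev_client_len == VD_LEN && c.prev_server_len == VD_LEN &&
        memcmp(c.prev_client, cvd, VD_LEN) == 0 &&
        memcmp(c.prev_server, svd, VD_LEN) == 0;
}
int main(void) {
    for (int srv = 0; srv <= 1; srv++)
        printf("server=%d legacy_field_ok=%d server_flag_ok=%d\n", srv,
            handshake_state_ok(srv, 0), handshake_state_ok(srv, 1));
    return 0;
}
```

With the legacy field unset, the client slot is never written on either side, so a later renegotiation_info check has no client verify_data to compare against.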