Update dtls max version for dtls1.3 #22275
This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago
This PR is in a state where it requires action by @openssl/committers but the last update was 61 days ago
This PR is in a state where it requires action by @openssl/committers but the last update was 92 days ago
9abeed3 to 86e2b86
Test failures are relevant. We need to merge a couple of other PRs before this is working.
Will those failures go away with a rebase now?
No. We need #22364 to be merged first. Which is dependent on #22366. And then I expect there are some test cases that need to be limited to DTLS 1.2 for it to work. I'll add that work to this PR to fix the pipeline.
A quick update on this. Please prioritise reviewing the following: When they are merged I'll do a rebase of this branch and make some adjustments to make the tests pass (some have to be forced to run on DTLS 1.2 for now). That will enable the dtls 1.3 feature branch to negotiate dtls 1.3. And then we can make the required adjustments to make it correct according to the RFC.
All of these are now merged
Yes thanks. I'll update this PR today or tomorrow.
Note that #24161 is going to cause problems for this one. My current plan is: Rebase the feature/dtls-1.3 branch later today on master (there will be no conflicts from this). At that point you will need to update this PR again to fix any resulting issues.
ba06dc9 to fbea037
fbea037 to 553fcfb
86e2b86 to 7c0015a
@mattcaswell Please review again. I've marked a couple of tests for reenablement and some have been forced to DTLS 1.2. Please let me know what you think.
At least some of the CI failures look relevant.
80c9564 to 93cb4a5
I think I found a fix for the memory leaks, but the patch in 6adbb30 seems to break compilation. TBH I don't understand why. Maybe you know what's causing it?
It is because the test file test/tls13secretstest.c mocks out some internal functions and links in ssl/tls13_enc.c directly: Lines 1028 to 1038 in deaa83a
To fix it you will need to supply dummy implementations of:

```c
void dtls1_clear_received_buffer(SSL_CONNECTION *s)
{
}

void dtls1_clear_sent_buffer(SSL_CONNECTION *s)
{
}
```
6adbb30 to 4cbeb3e
This is ready for review once again. I have added some handling of middlebox compatibility and fixed the memory leak. Please let me know what you think.
This pull request is ready to merge
Pushed. Thanks.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #22275)
…DTLS 1.3 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #22275)
…erver_version() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #22275)
…rom compilation path. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #22275)
…r objects. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #22275)
Another dtls 1.3 specific update. It is dependent on #22259