-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Continues processing cookieless client hellos for dtls1.3 #22400
Continues processing cookieless client hellos for dtls1.3 #22400
Conversation
CI failure looks irrelevant |
@@ -1618,17 +1618,6 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) | |||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |||
goto err; | |||
} | |||
/* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be conditional on DTLS-1.3 being enabled?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you mean by "being enabled"?
I cannot check for connection versions at this point because the server has not yet called ssl_choose_server_version()
.
But maybe I can move the check to a place after the extensions has been read and then check for a cookie then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meant DTLS-1.3 not being enabled on the SSL_CONNECTION object (i.e. what ssl_get_min_max_version() returns).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please check my latest update and let me know your thoughts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CI seems relevant.
b3eebc0
to
41bd984
Compare
fbea037
to
553fcfb
Compare
Needs rebase |
41bd984
to
6211f32
Compare
6211f32
to
f990397
Compare
Ready for review. I've implemented your suggestion @t8m. |
This pull request is ready to merge |
Merged to the feature branch. Thank you for your contribution. |
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #22400)
No description provided.