Issue #719: #915
If no serverinfo extension is found in some cases, do not abort the handshake, but simply omit/skip that extension. Check for already-registered serverinfo callbacks during serverinfo registration. Update SSL_CTX_use_serverinfo() documentation to mention the need to reload the same serverinfo per certificate, for servers with multiple server certificates.

Removing +1

We need a second team review now.

Oops...added +1 to wrong PR...meant this to be for the master version...

Right, I've reviewed it for real this time... :-)

+1

Ping? Needs a second team review.

Any second review here? Something, please?

ssl/ssl_rsa.c
Outdated
| custom_ext_methods *exts = &ctx->cert->srv_ext; | ||
| custom_ext_method *meth = exts->meths; | ||
|
|
||
| /* check for existing callbacks for this extension */ |
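Review bot: The comment on the last line of this hunk, `/* check for existing callbacks for this extension */`, does not say which list is searched or what a match means for the registration. Since `exts` is taken from `ctx->cert->srv_ext` and `meth` starts at `exts->meths`, a wording such as "check whether a callback for this extension type is already registered in ctx->cert->srv_ext" would tell the reader what the code that follows decides.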
That comment is a bit confusing... what the loop does is to check if there are any extensions of the given type to see if there's any reason to add a server extension of that type.
(I'd be fine with that comment being removed if it comes to that)

Apart from that comment needing a rewrite, I'm fine with this.

👍

merged. thanks!

@richsalz Will this become available as a bug fix on openssl 1.0.2? Because it is important for me to have it on my OpenSSL 1.0.2.

it is merged into 1.0.2 and will show up as part of the next bugfix release.