boringssl

History

David Benjamin 4eb95ccfd6 Parse ClientHello extensions before deciding on resumption. This simplifies a little code around EMS and PSK KE modes, but requires tweaking the SNI code. The extensions that are more tightly integrated with the handshake are still processed inline for now. It does, however, require an extra state in 1.2 so the asynchronous session callback does not cause extensions to be processed twice. Tweak a test enforce this. This and a follow-up to move cert_cb before resumption are done in preparation for resolving the cipher suite before resumption and only resuming on match. Note this has caller-visible effects: - The legacy SNI callback happens before resumption. - The ALPN callback happens before resumption. - Custom extension ClientHello parsing callbacks also cannot depend on resumption state. - The DoS protection callback now runs after all the extension callbacks as it is documented to be called after the resumption decision. BUG=116 Change-Id: I1281a3b61789b95c370314aaed4f04c1babbc65f Reviewed-on: https://boringssl-review.googlesource.com/11845 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	2016-11-16 23:58:02 +00:00
..
openssl	Parse ClientHello extensions before deciding on resumption.	2016-11-16 23:58:02 +00:00

David Benjamin 4eb95ccfd6 Parse ClientHello extensions before deciding on resumption.

This simplifies a little code around EMS and PSK KE modes, but requires
tweaking the SNI code.

The extensions that are more tightly integrated with the handshake are
still processed inline for now. It does, however, require an extra state
in 1.2 so the asynchronous session callback does not cause extensions to
be processed twice. Tweak a test enforce this.

This and a follow-up to move cert_cb before resumption are done in
preparation for resolving the cipher suite before resumption and only
resuming on match.

Note this has caller-visible effects:

- The legacy SNI callback happens before resumption.

- The ALPN callback happens before resumption.

- Custom extension ClientHello parsing callbacks also cannot depend on
  resumption state.

- The DoS protection callback now runs after all the extension callbacks
  as it is documented to be called after the resumption decision.

BUG=116

Change-Id: I1281a3b61789b95c370314aaed4f04c1babbc65f
Reviewed-on: https://boringssl-review.googlesource.com/11845
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

2016-11-16 23:58:02 +00:00

openssl

Parse ClientHello extensions before deciding on resumption.

2016-11-16 23:58:02 +00:00