kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
dd6c2e880f
boringssl/ssl
History
David Benjamin dd6c2e880f Check early ALPN before offering 0-RTT. 
We enforce that servers don't send bogus ALPN values, so consumers may
assume that SSL_get0_alpn_selected won't have anything terribly weird.
To maintain that invariant in the face of folks whose ALPN preferences
change (consider a persisted session cache), we should decline to offer
0-RTT if early_alpn would have been rejected by the check anyway.

Change-Id: Ic3a9ba4041d5d4618742eb05e27033525d96ade1
Reviewed-on: https://boringssl-review.googlesource.com/22067
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-25 03:31:56 +00:00
..
test Check early ALPN before offering 0-RTT. 2017-10-25 03:31:56 +00:00
bio_ssl.cc
CMakeLists.txt Migrate TLS 1.2 and below state machines to the new style. 2017-08-29 19:23:22 +00:00
custom_extensions.cc Rename ssl3_send_alert and ssl3_protocol_version. 2017-10-12 16:24:35 +00:00
d1_both.cc Give DTLS1_STATE a destructor. 2017-10-25 03:23:26 +00:00
d1_lib.cc Give DTLS1_STATE a destructor. 2017-10-25 03:23:26 +00:00
d1_pkt.cc Make SSL3_BUFFER a proper C++ class. 2017-10-24 17:32:45 +00:00
d1_srtp.cc Clear a goto in d1_srtp.cc. 2017-09-22 15:15:48 +00:00
dtls_method.cc Give DTLS1_STATE a destructor. 2017-10-25 03:23:26 +00:00
dtls_record.cc Give DTLS1_STATE a destructor. 2017-10-25 03:23:26 +00:00
handshake_client.cc Use more scopers. 2017-10-24 17:50:05 +00:00
handshake_server.cc Use more scopers. 2017-10-24 17:50:05 +00:00
handshake.cc Move init_buf and rwstate into SSL3_STATE. 2017-10-24 18:55:05 +00:00
internal.h Check early ALPN before offering 0-RTT. 2017-10-25 03:31:56 +00:00
s3_both.cc Move init_buf and rwstate into SSL3_STATE. 2017-10-24 18:55:05 +00:00
s3_lib.cc Use more scopers. 2017-10-24 17:50:05 +00:00
s3_pkt.cc Move init_buf and rwstate into SSL3_STATE. 2017-10-24 18:55:05 +00:00
span_test.cc Add bssl::SealRecord and bssl::OpenRecord. 2017-07-24 20:14:08 +00:00
ssl_aead_ctx.cc Push Span down a layer. 2017-10-10 14:27:58 +00:00
ssl_asn1.cc Make SNI per-connection, not per-session. 2017-09-06 20:25:26 +00:00
ssl_buffer.cc Move init_buf and rwstate into SSL3_STATE. 2017-10-24 18:55:05 +00:00
ssl_cert.cc Rename ssl3_send_alert and ssl3_protocol_version. 2017-10-12 16:24:35 +00:00
ssl_cipher.cc Switch int to bool in ssl_cipher.cc. 2017-10-02 20:41:20 +00:00
ssl_file.cc Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
ssl_key_share.cc Use constexpr to avoid kNamedGroups initializer 2017-10-10 21:01:59 +00:00
ssl_lib.cc Move init_buf and rwstate into SSL3_STATE. 2017-10-24 18:55:05 +00:00
ssl_privkey.cc Have a bit more fun with Span. 2017-10-12 19:01:34 +00:00
ssl_session.cc Use more scopers. 2017-10-24 17:50:05 +00:00
ssl_stat.cc Use more scopers. 2017-10-24 17:50:05 +00:00
ssl_test.cc Make all read errors idempotent. 2017-10-17 21:28:51 +00:00
ssl_transcript.cc Always process handshake records in full. 2017-10-17 14:53:11 +00:00
ssl_versions.cc Rename ssl3_send_alert and ssl3_protocol_version. 2017-10-12 16:24:35 +00:00
ssl_x509.cc Have fun with lock scopers. 2017-09-28 17:49:37 +00:00
t1_enc.cc Clear the last of ssl->s3->tmp. 2017-10-24 19:35:35 +00:00
t1_lib.cc Check early ALPN before offering 0-RTT. 2017-10-25 03:31:56 +00:00
tls13_both.cc Have a bit more fun with Span. 2017-10-12 19:01:34 +00:00
tls13_client.cc Use more scopers. 2017-10-24 17:50:05 +00:00
tls13_enc.cc Have a bit more fun with Span. 2017-10-12 19:01:34 +00:00
tls13_server.cc Use more scopers. 2017-10-24 17:50:05 +00:00
tls_method.cc Move init_buf and rwstate into SSL3_STATE. 2017-10-24 18:55:05 +00:00
tls_record.cc Make all read errors idempotent. 2017-10-17 21:28:51 +00:00