e6df054a75
There's multiple different versions of this check, between s->s3->have_version (only works at some points), s->new_session (really weird and not actually right), s->renegotiate (fails on the server because it's always 2 after ClientHello), and s->s3->tmp.finish_md_len (super confusing). Add an explicit bit with clear meaning. We'll prune some of the others later; notably s->renegotiate can go away when initiating renegotiation is removed.

This also tidies up the extensions to be consistent about whether they're allowed during renego:

- ALPN failed to condition when accepting from the server, so even if the client didn't advertise, the server could.

- SCTs now *are* allowed during renego. I think forbidding it was a stray copy-paste. It wasn't consistently enforced in both ClientHello and ServerHello, so the server could still supply it. Moreover, SCTs are part of the certificate, so we should accept it wherever we accept certificates, otherwise that session's state becomes incomplete. This matches OCSP stapling. (NB: Chrome will never insert a session created on renego into the session cache and won't accept a certificate change, so this is moot anyway.)

Change-Id: Ic9bd1ebe2a2dbe75930ed0213bf3c8ed8170e251
Reviewed-on: https://boringssl-review.googlesource.com/4730
Reviewed-by: Adam Langley <agl@google.com>