git.ipfire.org Git - thirdparty/openssl.git/commit
Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION
author Matt Caswell <matt@openssl.org>
Wed, 2 Aug 2023 15:43:11 +0000 (16:43 +0100)
committer Matt Caswell <matt@openssl.org>
Tue, 15 Aug 2023 13:41:31 +0000 (14:41 +0100)
commit b644a9323f0060e27b3e45101856dc9e3bec0ac4
tree 7d083c2e66b53e43a7948b5b85a23612e9422316
parent 98d81174d3763053b32b8cfd7225acd0a111d456
Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION

An OpenSSL QUIC client does not send the post_handshake_auth extension.
Therefore if a server sends a post-handshake CertificateRequest then this
would be treated as a TLS protocol violation with an "unexpected message"
alert code. However RFC 9001 specifically requires us to treat this as
QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message"
alert code in this one instance.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
include/internal/quic_tls.h
ssl/quic/quic_channel.c
ssl/quic/quic_tls.c
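
The translation described in the commit message, as an added example (not OpenSSL's code and not taken from this commit). The struct and function names are hypothetical. The numeric values are the alert and handshake type codes from RFC 8446, the PROTOCOL_VIOLATION code from RFC 9000, and the CRYPTO_ERROR base from RFC 9001.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_ALERT_UNEXPECTED_MESSAGE 10        /* RFC 8446 AlertDescription */
#define TLS_HS_CERTIFICATE_REQUEST   13        /* RFC 8446 HandshakeType */
#define QUIC_ERR_PROTOCOL_VIOLATION  0x0aULL   /* RFC 9000 transport error */
#define QUIC_ERR_CRYPTO_BASE         0x0100ULL /* RFC 9001: 0x0100 + alert */

/* Hypothetical summary of a failure reported by the TLS layer. */
struct tls_failure {
    uint8_t alert;              /* alert the TLS stack wants to raise */
    uint8_t hs_msg_type;        /* handshake message that triggered it */
    bool    handshake_complete; /* true once the handshake has finished */
    bool    is_client;          /* local endpoint role */
};

/*
 * Map a TLS failure to the QUIC connection error code to put on the wire.
 * Default rule: a TLS alert becomes CRYPTO_ERROR (0x0100 + alert).
 * Exception from the commit message: a client that never offered
 * post_handshake_auth sees a post-handshake CertificateRequest as
 * "unexpected message", but QUIC requires PROTOCOL_VIOLATION here.
 */
uint64_t quic_error_for_tls_failure(const struct tls_failure *f)
{
    if (f->is_client
        && f->handshake_complete
        && f->hs_msg_type == TLS_HS_CERTIFICATE_REQUEST
        && f->alert == TLS_ALERT_UNEXPECTED_MESSAGE)
        return QUIC_ERR_PROTOCOL_VIOLATION;

    return QUIC_ERR_CRYPTO_BASE + f->alert;
}

int main(void)
{
    /* Constructed inputs: same alert, before and after handshake completion. */
    struct tls_failure post = { TLS_ALERT_UNEXPECTED_MESSAGE,
                                TLS_HS_CERTIFICATE_REQUEST, true, true };
    struct tls_failure mid  = post;

    mid.handshake_complete = false;
    printf("post-handshake CertificateRequest -> 0x%04llx\n",
           (unsigned long long)quic_error_for_tls_failure(&post));
    printf("same alert during the handshake   -> 0x%04llx\n",
           (unsigned long long)quic_error_for_tls_failure(&mid));
    return 0;
}
```

The narrow condition keeps every other "unexpected message" alert on the generic CRYPTO_ERROR path, which matches the commit message's "in this one instance".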