From d8253271bee23ac54145c0ba1d15f48e6620bb5e Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Thu, 1 Aug 2024 14:09:41 +0000 Subject: automatic import of compat-openssl11 --- openssl-1.1.1-alpn-cb.patch | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 openssl-1.1.1-alpn-cb.patch (limited to 'openssl-1.1.1-alpn-cb.patch') diff --git a/openssl-1.1.1-alpn-cb.patch b/openssl-1.1.1-alpn-cb.patch new file mode 100644 index 0000000..465f7b8 --- /dev/null +++ b/openssl-1.1.1-alpn-cb.patch @@ -0,0 +1,27 @@ +commit 9e885a707d604e9528b5491b78fb9c00f41193fc +Author: Tomas Mraz +Date: Thu Mar 26 15:59:00 2020 +0100 + + s_server: Properly indicate ALPN protocol mismatch + + Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that + an alert is sent to the client on ALPN protocol mismatch. + + Fixes: #2708 + + Reviewed-by: Matt Caswell + (Merged from https://github.com/openssl/openssl/pull/11415) + +diff --git a/apps/s_server.c b/apps/s_server.c +index bcc83e562c..591c6c19c5 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, + if (SSL_select_next_proto + ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, + inlen) != OPENSSL_NPN_NEGOTIATED) { +- return SSL_TLSEXT_ERR_NOACK; ++ return SSL_TLSEXT_ERR_ALERT_FATAL; + } + + if (!s_quiet) { -- cgit v1.2.3