Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1753413376, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"5f3195d7f95767bacaa53e5cfaa0d052", "commit": {"type":"commit", "time": 1532088744, "time_ofs": 18446744073709551316, "oid_tree": { "oid": "e32c89c425221568efd55ac788b0a010c30fcbb2", "alias": []}, "oid":{ "oid": "c5d1fb78fd0fdbe1f1e61211bd56192a0f95bc91", "alias": []}, "msg": "Add TODO comment for a nonsensical public API", "sig_commit": { "git_time": { "time": 1532088744, "offset": -300 }, "name": "Benjamin Kaduk", "email": "kaduk@mit.edu", "md5": "4658a77df5a10149cf73d60e70f70b2d" }, "sig_author": { "git_time": { "time": 1527696742, "offset": -300 }, "name": "Benjamin Kaduk", "email": "bkaduk@akamai.com", "md5": "a05981ba89c2b7753f6e41ad2046bdd8" }}, "body": "Add TODO comment for a nonsensical public API\n\nThe API used to set what SNI value to send in the ClientHello\ncan also be used on server SSL objects, with undocumented and\nun-useful behavior. Unfortunately, when generic SSL_METHODs\nare used, s-\u003eserver is still set, prior to the start of the\nhandshake, so we cannot prevent this nonsensical usage at the\npresent time. Leave a note to revisit this when ABI-breaking\nchanges are permitted.\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/6378)\n" , "diff": "diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c\nindex 354769b..c170eed 100644\n--- a/ssl/s3_lib.c\n+++ b/ssl/s3_lib.c\n@@ -3466,6 +3466,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)\n break;\n #endif /* !OPENSSL_NO_EC */\n case SSL_CTRL_SET_TLSEXT_HOSTNAME:\n+ /*\n+ * TODO(OpenSSL1.2)\n+ * This API is only used for a client to set what SNI it will request\n+ * from the server, but we currently allow it to be used on servers\n+ * as well, which is a programming error. Currently we just clear\n+ * the field in SSL_do_handshake() for server SSLs, but when we can\n+ * make ABI-breaking changes, we may want to make use of this API\n+ * an error on server SSLs.\n+ */\n if (larg \u003d\u003d TLSEXT_NAMETYPE_host_name) {\n size_t len;\n \n","s":{"c":1753413376,"u": 63127}} ],"g": 64565,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}