Restore TLS v1.3 hello_retry
behavior with session id. Fix for SNI with default (no name) putting newline due to fgets.
@@ -2789,19 +2789,24 @@ static int DoResume(SnifferSession* session, char* error)
|
|||||||
if (IsAtLeastTLSv1_3(session->sslServer->version)) {
|
if (IsAtLeastTLSv1_3(session->sslServer->version)) {
|
||||||
resume = GetSession(session->sslServer,
|
resume = GetSession(session->sslServer,
|
||||||
session->sslServer->session.masterSecret, 0);
|
session->sslServer->session.masterSecret, 0);
|
||||||
|
if (resume == NULL) {
|
||||||
|
/* TLS v1.3 with hello_retry uses session_id even for new session,
|
||||||
|
so ignore error here */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
resume = GetSession(session->sslServer,
|
resume = GetSession(session->sslServer,
|
||||||
session->sslServer->arrays->masterSecret, 0);
|
session->sslServer->arrays->masterSecret, 0);
|
||||||
}
|
if (resume == NULL) {
|
||||||
if (resume == NULL) {
|
#ifdef WOLFSSL_SNIFFER_STATS
|
||||||
#ifdef WOLFSSL_SNIFFER_STATS
|
INC_STAT(SnifferStats.sslResumeMisses);
|
||||||
INC_STAT(SnifferStats.sslResumeMisses);
|
#endif
|
||||||
#endif
|
SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
|
||||||
SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
|
return -1;
|
||||||
return -1;
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* make sure client has master secret too */
|
/* make sure client has master secret too */
|
||||||
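Review bot: The new `return 0;` in the TLS v1.3 branch reports a session-cache miss as success, so a caller of `DoResume` cannot tell a resumed session from a new one after hello_retry. As far as the rendered columns show, it also leaves before the "make sure client has master secret too" step that follows the block. The miss counter now appears to sit only in the non-1.3 branch, so TLS v1.3 misses would no longer reach `SnifferStats.sslResumeMisses`; if that is not intended, repeat `INC_STAT(SnifferStats.sslResumeMisses);` under `WOLFSSL_SNIFFER_STATS` before the early return so silent misses stay visible in the statistics. I would also extend the comment to state the contract, for example `/* returns 0 without a resumed session; caller must not assume keys were restored */`. `DoResume` starts and ends outside this hunk, so how the caller treats a 0 return needs confirming there.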
|
@@ -366,6 +366,15 @@ static int load_key(const char* name, const char* server, int port,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void TrimNewLine(char* str)
|
||||||
|
{
|
||||||
|
word32 strSz = 0;
|
||||||
|
if (str)
|
||||||
|
strSz = (word32)XSTRLEN(str);
|
||||||
|
if (strSz > 0 && (str[strSz-1] == '\n' || str[strSz-1] == '\r'))
|
||||||
|
str[strSz-1] = '\0';
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char** argv)
|
int main(int argc, char** argv)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
@@ -504,13 +513,10 @@ int main(int argc, char** argv)
|
|||||||
XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf));
|
XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf));
|
||||||
XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser));
|
XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser));
|
||||||
if (XFGETS(keyFilesUser, sizeof(keyFilesUser), stdin)) {
|
if (XFGETS(keyFilesUser, sizeof(keyFilesUser), stdin)) {
|
||||||
word32 strSz;
|
TrimNewLine(keyFilesUser);
|
||||||
if (keyFilesUser[0] != '\r' && keyFilesUser[0] != '\n') {
|
if (XSTRLEN(keyFilesUser) > 0) {
|
||||||
keyFilesSrc = keyFilesUser;
|
keyFilesSrc = keyFilesUser;
|
||||||
}
|
}
|
||||||
strSz = (word32)XSTRLEN(keyFilesUser);
|
|
||||||
if (keyFilesUser[strSz-1] == '\n')
|
|
||||||
keyFilesUser[strSz-1] = '\0';
|
|
||||||
}
|
}
|
||||||
XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf));
|
XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf));
|
||||||
|
|
||||||
@@ -519,6 +525,7 @@ int main(int argc, char** argv)
|
|||||||
printf("Enter alternate SNI [default: none]: ");
|
printf("Enter alternate SNI [default: none]: ");
|
||||||
XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
|
XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
|
||||||
if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) {
|
if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) {
|
||||||
|
TrimNewLine(cmdLineArg);
|
||||||
if (XSTRLEN(cmdLineArg) > 0) {
|
if (XSTRLEN(cmdLineArg) > 0) {
|
||||||
sniName = cmdLineArg;
|
sniName = cmdLineArg;
|
||||||
}
|
}
|
||||||
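Review bot: `TrimNewLine` removes only one trailing character, so a CRLF-terminated line keeps its `\r`: an empty answer entered as `\r\n` becomes `"\r"`, passes the `XSTRLEN(...) > 0` checks in `main`, and is used as the key-file list or SNI name. The first-character test that the key-file prompt appears to have used before (`keyFilesUser[0] != '\r'`) covered that case, so this looks like a regression for CRLF input. Stripping in a loop fixes both prompts: `while (strSz > 0 && (str[strSz-1] == '\n' || str[strSz-1] == '\r')) str[--strSz] = '\0';`. Separately, the unchanged `XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf));` leaves no room for a terminator if the source fills the buffer. The buffer sizes are declared outside the hunk, so that is worth checking there.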
|