Commit b510b740 authored by Matt Caswell's avatar Matt Caswell

Ignore the session when setting SNI in s_client

As per this comment:

https://github.com/openssl/openssl/issues/4496#issuecomment-337767145



Since the server is entitled to reject our session our ClientHello
should include everything that we would want if a full handshake were
to happen. Therefore we shouldn't use the session as a source of
information for setting SNI.

Reviewed-by: default avatarBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)
parent 665d899f
+0 −11
@@ -1923,18 +1923,7 @@ int s_client_main(int argc, char **argv)
            ERR_print_errors(bio_err);
            goto end;
        }
        /* By default the SNI should be the same as was set in the session */
        if (!noservername && servername == NULL) {
            servername = SSL_SESSION_get0_hostname(sess);

            if (servername == NULL) {
                /*
                 * Force no SNI to be sent so we are consistent with the
                 * session.
                 */
                noservername = 1;
            }
        }
        SSL_SESSION_free(sess);
    }

+1 −2
@@ -164,8 +164,7 @@ $proxy->clientflags("-no_tls1_3 -sess_in ".$session);
$proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
               & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION,
               "Resumption handshake test");
unlink $session;
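Review bot: The relaxed mask in this `checkhandshake(...)` call carries no comment saying why server_name is now expected in a resumption ClientHello, and as far as the visible arguments show it records only that the extension is present, not which name is sent. I would add `# s_client sets SNI independently of the session, so server_name is sent on resumption too` above the call. Because the name no longer comes from the stored session, it may differ from the one the session was established with; a follow-up case that runs `-sess_in` together with `-noservername` would pin that the option still suppresses the extension on resumption. The same comment applies to the two `checkhandshake` calls changed in the next file section, the "Resumption handshake test" and "Resumption handshake with HRR test" hunks.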

+2 −4
@@ -167,8 +167,7 @@ $proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               (checkhandshake::DEFAULT_EXTENSIONS
                | checkhandshake::PSK_CLI_EXTENSION
                | checkhandshake::PSK_SRV_EXTENSION)
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
                | checkhandshake::PSK_SRV_EXTENSION),
               "Resumption handshake test");

#Test 3: A status_request handshake (client request only)
@@ -312,8 +311,7 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
               (checkhandshake::DEFAULT_EXTENSIONS
                | checkhandshake::KEY_SHARE_HRR_EXTENSION
                | checkhandshake::PSK_CLI_EXTENSION
                | checkhandshake::PSK_SRV_EXTENSION)
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
                | checkhandshake::PSK_SRV_EXTENSION),
               "Resumption handshake with HRR test");

#Test 16: Acceptable but non preferred key_share