Skip to content
Commit b04f9479 authored by Kazuki Yamaguchi's avatar Kazuki Yamaguchi Committed by Matt Caswell
Browse files

Fix NPN protocol name list validation

Since 50932c4a "PACKETise ServerHello processing",
ssl_next_proto_validate() incorrectly allows empty protocol name.
draft-agl-tls-nextprotoneg-04[1] says "Implementations MUST ensure that
the empty string is not included and that no byte strings are
truncated."
This patch restores the old correct behavior.

[1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04



Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent c5ebfcab
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment