Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 220a26c31647b8cfd76f3922d08cb2e847e3009e
commit220a26c31647b8cfd76f3922d08cb2e847e3009e[log] [tgz]
authorOlivier Houchard <ohouchard@haproxy.com>Thu Jan 23 14:57:36 2020 +0100
committerOlivier Houchard <cognet@ci0.org>Thu Jan 23 15:01:11 2020 +0100
tree253bc79996383f96fb70539d7443867bb662a320
parentc192b0ab95ea05d85437a96766c46f1af14d7f69 [diff]
BUG/MEDIUM: 0rtt: Only consider the SSL handshake.

We only add the Early-data header, or get ssl_fc_has_early to return 1, if
we didn't already did the SSL handshake, as otherwise, we know the early
data were fine, and there's no risk of replay attack. But to do so, we
wrongly checked CO_FL_HANDSHAKE, we have to check CO_FL_SSL_WAIT_HS instead,
as we don't care about the status of any other handshake.

This should be backported to 2.1, 2.0, and 1.9.

When deciding if we should add the Early-Data header, or if the sample fetch
should return
2 files changed
tree: 253bc79996383f96fb70539d7443867bb662a320
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION