Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 497991613469b588b969f94aea2228720a1bddab
commit497991613469b588b969f94aea2228720a1bddab[log] [tgz]
authorLukas Tribus <lukas@ltri.eu>Mon Jul 08 14:29:15 2019 +0200
committerWilly Tarreau <w@1wt.eu>Tue Jul 09 04:47:18 2019 +0200
tree2a76da67c672ae0296ec784ff6fe4b4356dce866
parenta1ab97316f34dc3b478cd076b76b01c0e23b8769 [diff]
BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

Commit 54832b97 ("BUILD: enable several LibreSSL hacks, including")
changed empty handshake detection in OpenSSL <= 1.0.2 and LibreSSL,
from accessing packet_length directly (not available in LibreSSL) to
calling SSL_state() instead.

However, SSL_state() appears to be fully broken in both OpenSSL and
LibreSSL.

Since there is no possibility in LibreSSL to detect an empty handshake,
let's not try (like BoringSSL) and restore this functionality for
OpenSSL 1.0.2 and older, by reverting to the previous behavior.

Should be backported to 2.0.
1 file changed
tree: 2a76da67c672ae0296ec784ff6fe4b4356dce866
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION