Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 5db881ff0506bd5bb6caf9d80a06e79afa7473ca
commit5db881ff0506bd5bb6caf9d80a06e79afa7473ca[log] [tgz]
authorLukas Tribus <lukas@ltri.eu>Mon Jul 08 14:29:15 2019 +0200
committerWilly Tarreau <w@1wt.eu>Tue Jul 09 04:49:07 2019 +0200
tree03517c14001921f4bdb7f5335497679790e23e78
parenta9da4674c88c90792898e60ed6e79f1807c6b205 [diff]
BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

Commit 54832b97 ("BUILD: enable several LibreSSL hacks, including")
changed empty handshake detection in OpenSSL <= 1.0.2 and LibreSSL,
from accessing packet_length directly (not available in LibreSSL) to
calling SSL_state() instead.

However, SSL_state() appears to be fully broken in both OpenSSL and
LibreSSL.

Since there is no possibility in LibreSSL to detect an empty handshake,
let's not try (like BoringSSL) and restore this functionality for
OpenSSL 1.0.2 and older, by reverting to the previous behavior.

Should be backported to 2.0.

(cherry picked from commit 497991613469b588b969f94aea2228720a1bddab)
Signed-off-by: Willy Tarreau <w@1wt.eu>
1 file changed
tree: 03517c14001921f4bdb7f5335497679790e23e78
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION