author | Dan McArdle <dmcardle@google.com> | 2020-10-29 14:31:31 -0400 |
---|---|---|
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2021-01-12 20:41:51 +0000 |
commit | c295935a9bf345acb597ffefb69f7e095c3eee72 (patch) | |
tree | 7c9b197e2c21aa5281df841d55f044f1a069e432 /ssl/handshake_server.cc | |
parent | 5d54832f1a35ea4f3c7da1e92c205bb4591341d1 (diff) | |
Send ECH acceptance signal from backend server.
This CL implements the backend server behavior described in Section 7.2
of draft-ietf-tls-esni-09.
Bug: 275
Change-Id: I2e162673ce564db0cb75fc9b71ef11ed15037f4b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43924
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'ssl/handshake_server.cc')
-rw-r--r-- | ssl/handshake_server.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 22fa6a1..bc0a0d1 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -644,6 +644,12 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
 return ssl_hs_error;
 }
+ if (hs->ech_present && hs->ech_is_inner_present) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ return ssl_hs_error;
+ }
+
 hs->state = state12_select_certificate;
 return ssl_hs_ok;
 }
|
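Review bot: The new rejection branch at the end of do_read_client_hello has no comment explaining why the two flags are mutually exclusive, so a later reader cannot tell a protocol rule from a leftover sanity check. Assuming ech_present and ech_is_inner_present record that the encrypted_client_hello and ech_is_inner extensions were each seen in the ClientHello, I would add above the `if`: `// A ClientHello may carry encrypted_client_hello or ech_is_inner, never both (draft-ietf-tls-esni-09); reject the contradictory combination before selecting a certificate.` The function body starts outside this hunk, so where the two flags are set is not visible here. This page is limited to ssl/handshake_server.cc, so it is also worth confirming that the CL includes a test sending both extensions and expecting illegal_parameter.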