external/boringssl: Sync to 0e9138d2.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/aa24851515d6280aa1d6a8b1548fe74691df3136..0e9138d295cd556e830dc8b3be735e808680f4bd
This requires some build tweaks:
- trusty's rules.mk builds with BORINGSSL_NO_CXX to suppress the new C++
scopers since they build their version of keymaster without the STL.
- BORINGSSL_ENABLE_RC4_TLS to temporarily keep RC4 in the TLS stack.
Change-Id: Ic688ec5779f649a4912b00fb2b55cba64fb07449
diff --git a/src/ssl/handshake_server.c b/src/ssl/handshake_server.c
index 4e7aae2..f041129 100644
--- a/src/ssl/handshake_server.c
+++ b/src/ssl/handshake_server.c
@@ -712,7 +712,7 @@
/* Use the old session. */
ssl->session = session;
session = NULL;
- ssl->verify_result = ssl->session->verify_result;
+ ssl->s3->session_reused = 1;
} else {
SSL_set_session(ssl, NULL);
if (!ssl_get_new_session(ssl, 1 /* server */)) {
@@ -808,6 +808,12 @@
if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ssl->s3->tmp.cert_request = 0;
}
+
+ if (!ssl->s3->tmp.cert_request) {
+ /* OpenSSL returns X509_V_OK when no certificates are requested. This is
+ * classed by them as a bug, but it's assumed by at least NGINX. */
+ ssl->s3->new_session->verify_result = X509_V_OK;
+ }
}
/* Now that the cipher is known, initialize the handshake hash. */
@@ -1188,13 +1194,12 @@
if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
const uint16_t *sigalgs;
- size_t sigalgs_len = tls12_get_psigalgs(ssl, &sigalgs);
+ size_t num_sigalgs = tls12_get_psigalgs(ssl, &sigalgs);
if (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb)) {
goto err;
}
- size_t i;
- for (i = 0; i < sigalgs_len; i++) {
+ for (size_t i = 0; i < num_sigalgs; i++) {
if (!CBB_add_u16(&sigalgs_cbb, sigalgs[i])) {
goto err;
}
@@ -1243,13 +1248,17 @@
if (ssl->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
if (ssl->version == SSL3_VERSION &&
ssl->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
- /* In SSL 3.0, the Certificate message is omitted to signal no certificate. */
+ /* In SSL 3.0, the Certificate message is omitted to signal no
+ * certificate. */
if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return -1;
}
+ /* OpenSSL returns X509_V_OK when no certificates are received. This is
+ * classed by them as a bug, but it's assumed by at least NGINX. */
+ ssl->s3->new_session->verify_result = X509_V_OK;
ssl->s3->tmp.reuse_message = 1;
return 1;
}
@@ -1296,20 +1305,24 @@
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
}
+
+ /* OpenSSL returns X509_V_OK when no certificates are received. This is
+ * classed by them as a bug, but it's assumed by at least NGINX. */
+ ssl->s3->new_session->verify_result = X509_V_OK;
} else {
/* The hash would have been filled in. */
if (ssl->ctx->retain_only_sha256_of_client_certs) {
ssl->s3->new_session->peer_sha256_valid = 1;
}
- if (!ssl_verify_cert_chain(ssl, chain)) {
+ if (!ssl_verify_cert_chain(ssl, &ssl->s3->new_session->verify_result,
+ chain)) {
goto err;
}
}
X509_free(ssl->s3->new_session->peer);
ssl->s3->new_session->peer = sk_X509_shift(chain);
- ssl->s3->new_session->verify_result = ssl->verify_result;
sk_X509_pop_free(ssl->s3->new_session->cert_chain, X509_free);
ssl->s3->new_session->cert_chain = chain;