Closed
Conversation
The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes openssl#5317
The ciphers field in a session contains the stack of ciphers offered by the client.
The max protocol version was only being set on the server side. It should have been done on both the client and the server.
mattcaswell
added
branch: master
This was referenced Apr 27, 2018
Contributor
|
I prefer to not fix this in 1.1.1 |
Member
Author
|
Fixup commit pushed to address the travis failure.
I disagree. I believe the intent of the function is clear, and it doesn't do what it is supposed to do - therefore this is a bug which should be fixed. Do we need to have a vote? |
Contributor
|
I didn't force a vote, but I would like you to wait a few days to see what others think. |
levitte
requested changes
May 2, 2018
ssl/ssl_lib.c
Outdated
| @@ -2552,23 +2552,32 @@ int SSL_set_cipher_list(SSL *s, const char *str) | |||
| char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) | |||
Member
There was a problem hiding this comment.
Could I ask that len be renamed to size? The reason is that there's a common pattern where len indicates that buf is an input buffer with len chars of content, while size indicates that buf is an output buffer with a maximum size. So size makes more sense, intuitively.
Member
Author
levitte
approved these changes
May 2, 2018
Member
Author
Contributor
|
Yes I am okay with it, thanks for asking. |
mspncp
added
the
approval: done
Member
Author
|
Pushed. Thanks. |
levitte
pushed a commit
that referenced
this pull request
May 2, 2018
The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte <[email protected]> (Merged from #6113)
levitte
pushed a commit
that referenced
this pull request
May 2, 2018
The ciphers field in a session contains the stack of ciphers offered by the client. Reviewed-by: Richard Levitte <[email protected]> (Merged from #6113)
levitte
pushed a commit
that referenced
this pull request
May 2, 2018
Reviewed-by: Richard Levitte <[email protected]> (Merged from #6113)
levitte
pushed a commit
that referenced
this pull request
May 2, 2018
The max protocol version was only being set on the server side. It should have been done on both the client and the server. Reviewed-by: Richard Levitte <[email protected]> (Merged from #6113)
levitte
pushed a commit
that referenced
this pull request
May 2, 2018
Reviewed-by: Richard Levitte <[email protected]> (Merged from #6113)
bob-beck
pushed a commit
to openbsd/src
that referenced
this pull request
Jan 9, 2021
SSL_get_shared_ciphers() has been quite broken forever (see BUGS). What's maybe even worse than those bugs is that it only ever returned the string representing the client's ciphers which happen to fit into buf. That's kind of odd, given its name. This commit brings it in line with OpenSSL's version which changed behavior almost three years ago. reviewed and stupid bug caught by schwarze ok beck inoguchi jsing commit a216df599a6076147c27acea6c976fb11f505b1a Author: Matt Caswell <[email protected]> Date: Fri Apr 27 11:20:52 2018 +0100 Fix SSL_get_shared_ciphers() The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte <[email protected]> (Merged from openssl/openssl#6113)
busterb
pushed a commit
to libressl/openbsd
that referenced
this pull request
Feb 3, 2021
SSL_get_shared_ciphers() has been quite broken forever (see BUGS). What's maybe even worse than those bugs is that it only ever returned the string representing the client's ciphers which happen to fit into buf. That's kind of odd, given its name. This commit brings it in line with OpenSSL's version which changed behavior almost three years ago. reviewed and stupid bug caught by schwarze ok beck inoguchi jsing commit a216df599a6076147c27acea6c976fb11f505b1a Author: Matt Caswell <[email protected]> Date: Fri Apr 27 11:20:52 2018 +0100 Fix SSL_get_shared_ciphers() The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte <[email protected]> (Merged from openssl/openssl#6113)
jcs
pushed a commit
to jcs/openbsd-src
that referenced
this pull request
Mar 4, 2021
SSL_get_shared_ciphers() has been quite broken forever (see BUGS). What's maybe even worse than those bugs is that it only ever returned the string representing the client's ciphers which happen to fit into buf. That's kind of odd, given its name. This commit brings it in line with OpenSSL's version which changed behavior almost three years ago. reviewed and stupid bug caught by schwarze ok beck inoguchi jsing commit a216df599a6076147c27acea6c976fb11f505b1a Author: Matt Caswell <[email protected]> Date: Fri Apr 27 11:20:52 2018 +0100 Fix SSL_get_shared_ciphers() The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte <[email protected]> (Merged from openssl/openssl#6113)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The function SSL_get_shared_ciphers() is supposed to return ciphers shared
by the client and the server. However it only ever returned the client
ciphers.
Fixes #5317
Checklist