Re: Does openssl sanity check ALPN strings?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Jun 26, 2019, at 4:25 PM, Hal Murray <hmurray@xxxxxxxxxxxxxxx> wrote:
> If a client passes {99, "a", "z" } with a length of 3 to 
> SSL_CTX_set_alpn_protos,
> does that get rejected or sent to the server?
> 
> If a somebody sends that to a server, does it get passed to the alpn callback?

I don't think OpenSSL does any checking on the client side --- whatever bytes you supply get sent to the server.

On the server side it does some checking before calling the alpn callback but I don't know that it makes any guarantees of validity.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux