Re: Does openssl sanity check ALPN strings?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

wiml@xxxxxxxxxxxxx said:
> I don't think OpenSSL does any checking on the client side --- whatever bytes
> you supply get sent to the server.

> On the server side it does some checking before calling the alpn callback but
> I don't know that it makes any guarantees of validity. 

Thanks.

Does out/outlen as returned by the server side alpn callback include the 
length byte?

man page says:
       cb is the application defined callback. The in, inlen parameters are a
       vector in protocol-list format. The value of the out, outlen vector
       should be set to the value of a single protocol selected from the in,
       inlen vector. The out buffer may point directly into in, or to a buffer
       that outlives the handshake. The arg parameter is the pointer set via
       SSL_CTX_set_alpn_select_cb().



-- 
These are my opinions.  I hate spam.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux