Move SNI out of CipherSpec/Disable SNI changing

RESOLVED FIXED

Status

NSS
Libraries
RESOLVED FIXED
2 years ago
8 months ago

People

(Reporter: ekr, Unassigned)

Tracking

trunk

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
Created attachment 8760807 [details] [diff] [review]
0001-Remove-srvVirtName-from-cipherspec.patch
(Reporter)

Comment 1

2 years ago
This was a silly design and is getting in the way of TLS 1.3.

Given the ifdefs I doubt anyone needs to change SNI.
(Reporter)

Updated

2 years ago
Attachment #8760807 - Flags: review?(ttaubert)
Comment on attachment 8760807 [details] [diff] [review]
0001-Remove-srvVirtName-from-cipherspec.patch

Review of attachment 8760807 [details] [diff] [review]:
-----------------------------------------------------------------

r=me. ssl.sh tests with NSS_CYCLES=standard succeed.
Attachment #8760807 - Flags: review?(ttaubert) → review+

Comment 3

2 years ago
Comment on attachment 8760807 [details] [diff] [review]
0001-Remove-srvVirtName-from-cipherspec.patch

Review of attachment 8760807 [details] [diff] [review]:
-----------------------------------------------------------------

::: lib/ssl/ssl3con.c
@@ +8491,2 @@
>      if (!ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) {
>  #ifndef SSL_SNI_ALLOW_NAME_CHANGE_2HS

Why don't you delete these #ifndef SSL_SNI_ALLOW_NAME_CHANGE_2HS lines?
(Reporter)

Comment 4

2 years ago
Comment on attachment 8760807 [details] [diff] [review]
0001-Remove-srvVirtName-from-cipherspec.patch

Review of attachment 8760807 [details] [diff] [review]:
-----------------------------------------------------------------

WTC, that is pilot error. My updated patch is on my machine and removes the #ifdef
(Reporter)

Updated

8 months ago
Status: NEW → RESOLVED
Last Resolved: 8 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.