<i>EOF handling potentially broken with OpenSSL 1.1.1e or newer</i> status still Open with 5 other changes
by
D 2023-11-10T21:15:10.593
J icomment There\sis\san\sSSL\soption\sgoverning\sthis\sbehaviour:\s`SSL_OP_IGNORE_UNEXPECTED_EOF`.\s\sThere\sare\sreasons\swhy\sOpenSSL\smade\sthis\schange.\s\sSee:\r\n\r\n*\shttps://github.com/openssl/openssl/issues/10880\r\n*\shttps://github.com/openssl/openssl/pull/10882\r\n\r\nMy\sinitial\sthought\swas\sunconditionally\sto\sset\sthe\soption:\r\n\r\n\t---\stls.c\r\n\t+++\stls.c\r\n\t@@\s-1212,10\s+1212,13\s@@\r\n\t\s#endif\r\n\t\s\s\s\s\s\r\n\t\s\s\s\s\sSSL_CTX_set_app_data(\sctx,\s(VOID*)interp);\s/*\sremember\sthe\sinterpreter\s*/\r\n\t\s\s\s\s\sSSL_CTX_set_options(\sctx,\sSSL_OP_ALL);\s\s\s\s\s/*\sall\sSSL\sbug\sworkarounds\s*/\r\n\t\s\s\s\s\sSSL_CTX_set_options(\sctx,\soff);\s\s\s\s/*\sall\sSSL\sbug\sworkarounds\s*/\r\n\t+#ifdef\sSSL_OP_IGNORE_UNEXPECTED_EOF\r\n\t+\s\s\s\sSSL_CTX_set_options(\sctx,\sSSL_OP_IGNORE_UNEXPECTED_EOF);\r\n\t+#endif\r\n\t\s\s\s\s\sSSL_CTX_sess_set_cache_size(\sctx,\s128);\r\n\t\s\r\n\t\s\s\s\s\sif\s(ciphers\s!=\sNULL)\r\n\t\s\s\s\s\s\s\s\sSSL_CTX_set_cipher_list(ctx,\sciphers);\r\n\t\s\r\n\r\nHowever,\sgiven\sthat\sthis\schange\sin\sbehaviour\swas\sintended\sto\sreveal\serrors\sthat\swere\spreviously\sunreported,\sI\sthink\sit\smay\smake\ssense\sto\sadd\san\soption\s(this\sis\swhat\sopenssl\sdid\sfor\ss_client):\s_e.g._,\s`-ignoreunexpectedeof\sbool`.\s\sThe\snext\squestion\sis\swhether\sto\sdefault\sit\sto\strue\sor\sfalse.\s\sTo\spreserve\sbackwards\scompatibility\sand\sbe\sliberal\sin\swhat\swe\saccept,\smy\sinclination\swould\sbe\sto\sdefault\sto\strue.
J login azazel
J mimetype text/x-markdown
J priority Immediate
J resolution Open
K 88c0c8496999c48f513eb4f97aaa0ac9829b35d3
U azazel
Z de0b1aa38803f59d1d7b83525ad90413