Send illegal parameter alerts for various HelloRetryRequest violations.
Be more RFC compliant and send illegal parameter alerts when the client
receives a HelloRetryRequest that requests a group that we did not offer
or a group that we sent a key share for in the ClientHello. These were
annotated as missing, but not previously implemented.
Prompted by a report from the tlspuffin team.
ok tb@
Mop up SSL_CTX_set_options(3).
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is now a no-op, tidy up
SSL_OP_LEGACY_SERVER_CONNECT and reflect the current state of SSL_OP_ALL
Delete the entire "SECURE RENEGOTIATION" section that contained ancient
ramblings.
ok beck@ tb@
Remove SSL_OP_LEGACY_SERVER_CONNECT from default options.
Remove SSL_OP_LEGACY_SERVER_CONNECT from the default SSL options and the
SSL_OP_ALL define. This means that we will now refuse to connect to a
TLSv1.2 server if it does not support the Renegotiation Indication (RI)
extension. This prevents a class of attacks against TLS clients that are
talking to TLSv1.2-only servers that permit client initiated renegotiation.
Raised by Lucca Hirschi et al from Inria.
ok beck@ tb@
relayd: drain OpenSSL error queue on TLS failures
Borrowed from smtpd. Without draining we just log "RSA_meth_dup failed"
and lose the actual reason.
Wire ssl_error() into ca_engine_init(), which also kills a dead
RSA_meth_free() on a NULL pointer there, and into ssl_load_key()s fail
path.
Tweaks and OK tb
relayd: use ibuf_get_string() and ibuf_get_data() to read imsg payloads
Drop the local get_string() and read variable-length string and binary
payloads through the ibuf getters instead of the raw imsg->data pointer.
ibuf_get_string() no longer trims the input at the first non-printable
byte like the old get_string() did; the payloads come from the parent
over privsep imsg.
idea and ok claudio
relayd: read parent_dispatch_pfe() payloads via the imsg getters
Use imsg_get_data() for the fixed-size messages and imsg_get_ibuf() for
the variable-length IMSG_CTL_RELOAD path, taking the config name from
the ibuf via ibuf_data()/ibuf_size().
Remove IMSG_SIZE_CHECK and IMSG_DATA_SIZE, no consumer left.
OK claudio
relayd: use imsg_get_ibuf() for variable-length CA key operations
The IMSG_CA_PRIVENC/PRIVDEC messages carry a ctl_keyop header followed
by cko_flen (request) or cko_tlen (response) trailing bytes, so the
exact-size imsg_get_data() cannot be used. Read the header with
imsg_get_ibuf() + ibuf_get() and take the payload from the same ibuf
via ibuf_data()/ibuf_size().
Tweaks (in a different commit) and OK claudio