Fix various errors in redrawing:
- Fix the active pane colour when only two panes and scrollbars enabled.
- Clip left and right scrollbars the same for floating panes.
- Do not subtract scrollbar width twice when working out width of status
line.
- Check if a character is inside a visible range correctly (do not
include the next position outside the range).
Correct secondary key share handling for HelloRetryRequests.
With the introduction of a secondary key share, we fail to ensure that the
HelloRetryRequest does not specify the group that was used for the
secondary key share. We also fail to free the secondary key share early in
this case, meaning that it lingers in memory until the SSL is reset or
freed. Fix both of these issues.
ok tb@
Improve TLSv1.3 server handling of no shared groups.
While we currently correctly handle the no-shared-group case, it currently
fails late when we try to create the key share. Improve detection and
handling so that we fail sooner and send an alert to the client when
processing client key shares.
While here rename preferred_group_found to shared_group_found - we look for
the client preferred group, but any group that we select will always be in
the client list (even if it's the last one).
Reported by the tlspuffin team.
ok tb@
Send illegal parameter alerts for various HelloRetryRequest violations.
Be more RFC compliant and send illegal parameter alerts when the client
receives a HelloRetryRequest that requests a group that we did not offer
or a group that we sent a key share for in the ClientHello. These were
annotated as missing, but not previously implemented.
Prompted by a report from the tlspuffin team.
ok tb@
Mop up SSL_CTX_set_options(3).
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is now a no-op, tidy up
SSL_OP_LEGACY_SERVER_CONNECT and reflect the current state of SSL_OP_ALL
Delete the entire "SECURE RENEGOTIATION" section that contained ancient
ramblings.
ok beck@ tb@
Remove SSL_OP_LEGACY_SERVER_CONNECT from default options.
Remove SSL_OP_LEGACY_SERVER_CONNECT from the default SSL options and the
SSL_OP_ALL define. This means that we will now refuse to connect to a
TLSv1.2 server if it does not support the Renegotiation Indication (RI)
extension. This prevents a class of attacks against TLS clients that are
talking to TLSv1.2-only servers that permit client initiated renegotiation.
Raised by Lucca Hirschi et al from Inria.
ok beck@ tb@