Replace open_close_notify with open_app_data.
While a fairly small hook, open_close_notify is pretty weird. It
processes things at the record level and not above. Notably, this will
break if it skips past a TLS 1.3 KeyUpdate.
Instead, it can share the core part of SSL_read/SSL_peek, with slight
tweaks to post-handshake processing. Note this does require some tweaks
to that code. Notably, to retain the current semantics that SSL_shutdown
does not call funny callbacks, we suppress tickets.
Change-Id: Ia0cbd0b9f4527f1b091dd2083a5d8c7efb2bac65
Reviewed-on: https://boringssl-review.googlesource.com/21885
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index e75d976..a03c581 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -774,6 +774,13 @@
}
int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
+ if (ssl->s3->write_shutdown != ssl_shutdown_none) {
+ // Ignore tickets on shutdown. Callers tend to indiscriminately call
+ // |SSL_shutdown| before destroying an |SSL|, at which point calling the new
+ // session callback may be confusing.
+ return 1;
+ }
+
UniquePtr<SSL_SESSION> session(SSL_SESSION_dup(ssl->s3->established_session,
SSL_SESSION_INCLUDE_NONAUTH));
if (!session) {
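Review bot: the early return at the top of tls13_process_new_session_ticket skips every byte of `msg` once `write_shutdown != ssl_shutdown_none`, so a malformed NewSessionTicket received after the local side has called SSL_shutdown is reported as successfully processed (`return 1;`) without its body ever being parsed. If the intent is only to avoid invoking the new-session callback, consider still running the existing parse of the ticket body and dropping the resulting session just before the callback would fire, or at least extending the comment ("Ignore tickets on shutdown.") to state that the message is deliberately not validated on this path. Also worth noting in the comment that the check is keyed on `write_shutdown` only, so a peer-initiated close_notify (read side) does not suppress tickets, which matches the stated goal of keeping SSL_shutdown free of callbacks but is not obvious from the condition alone.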