Actions
Bug #11810
closed[PATCH] OpenSSL::SSL::SSLcontext#{alpn,npn}_select_cb= does not work properly
Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0dev (2015-12-13 trunk 53061) [x86_64-linux]
Description
The protocol list passed to the callback function (set by SSL_CTX_set_alpn_select_cb
, SSL_CTX_set_next_proto_select_cb
) is not null-terminated string.
This issue seems to have been existing since first NPN was supported (r36871).
This patch also removes the code checking the length of protocol name, because it is already validated by OpenSSL.
Files
Updated by naruse (Yui NARUSE) over 8 years ago
- Status changed from Open to Closed
Applied in changeset r53064.
- ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing
protocol list.
The protocol list from OpenSSL is not null-terminated.
patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]
Updated by usa (Usaku NAKAMURA) over 7 years ago
- Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: DONE
ruby_2_2 r56798 merged revision(s) 53064.
Actions
Like0
Like0Like0