https://bugs.exim.org/show_bug.cgi?id=2805
Bug ID: 2805
Summary: 4.95 ALPN callback returns protocol prefixed with length
Product: Exim
Version: N/A
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@???
Reporter: jannik.hoelling@???
CC: exim-dev@???
In the current OpenSSL implementation of ALPN the server returns the length of
the ALPN at the beginning of the string.
This results in the server sending back "\004smtp" with a length of 5 when the
client requests "smtp" with a length of 4 as a protocol.
In the ALPN OpenSSL callback the variable "in" is a vector in protocol-list
format and the 'out' variable needs to be one of those protocols.
The helper function 'SSL_select_next_proto' from the OpenSSL library implements
this correctly.
pull request
https://github.com/Exim/exim/pull/84
OpenSSL helper function
https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L2933
see also
https://www.openssl.org/docs/man1.1.1/man3/SSL_set_alpn_protos.html
Wireshark debug output
--------------------CLIENTHELLO
Extension: application_layer_protocol_negotiation (len=7)
Type: application_layer_protocol_negotiation (16)
Length: 7
ALPN Extension Length: 5
ALPN Protocol
ALPN string length: 4
ALPN Next Protocol: smtp
-----------------SERVERHELLO
Extension: application_layer_protocol_negotiation (len=8)
Type: application_layer_protocol_negotiation (16)
Length: 8
ALPN Extension Length: 6
ALPN Protocol
ALPN string length: 5
ALPN Next Protocol: \004smtp
Submitted the pull request on GitHub since bugs.exim.org gave me an error
before while trying to sign up, sorry about that.
"There was an error sending mail from 'admin@???' to 'REDACTED'
Couldn't connect to localhost"
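The protocol-list handling described in the report, as an added stand-alone C example that is not code from Exim, the pull request or OpenSSL. `alpn_pick` and `alpn_server_ext` are hypothetical names and the client list is constructed sample data; encoding the selected name without its length byte gives the 7-byte extension seen in the ClientHello, while including the length byte gives the 8-byte ServerHello extension from the capture.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Exim or OpenSSL code). Walks a protocol-list
 * vector (each entry: 1 length byte, then the name) looking for `want`.
 * On a match *out points at the name bytes only and *outlen is the name
 * length. Returns 1 on match, 0 on no match, -1 on a malformed list. */
int alpn_pick(const unsigned char **out, unsigned char *outlen,
              const unsigned char *in, size_t inlen, const char *want)
{
    size_t wantlen = strlen(want), pos = 0;
    if (inlen == 0) return -1;
    while (pos < inlen) {
        size_t len = in[pos];
        if (len == 0 || len > inlen - pos - 1)
            return -1;                    /* empty or truncated entry */
        if (len == wantlen && memcmp(in + pos + 1, want, len) == 0) {
            *out = in + pos + 1;          /* skip the length byte */
            *outlen = (unsigned char)len;
            return 1;
        }
        pos += 1 + len;
    }
    return 0;
}

/* Hypothetical helper: encode the ServerHello ALPN extension data
 * (2-byte list length, 1-byte name length, name). Returns bytes written. */
size_t alpn_server_ext(unsigned char *buf, const unsigned char *name,
                       unsigned char namelen)
{
    size_t listlen = (size_t)namelen + 1;
    buf[0] = (unsigned char)(listlen >> 8);
    buf[1] = (unsigned char)(listlen & 0xff);
    buf[2] = namelen;
    memcpy(buf + 3, name, namelen);
    return 2 + listlen;
}

int main(void)
{
    const unsigned char list[] = {2, 'h', '2', 4, 's', 'm', 't', 'p'}; /* constructed */
    const unsigned char *out; unsigned char outlen, ext[300];
    if (alpn_pick(&out, &outlen, list, sizeof list, "smtp") != 1)
        return 1;
    printf("name only: ext len %zu\n", alpn_server_ext(ext, out, outlen));
    printf("prefixed:  ext len %zu\n", alpn_server_ext(ext, out - 1, outlen + 1));
    return 0;
}
```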