From 34e9ac5f5d393ba9bc760aa06edcd14a2586316e Mon Sep 17 00:00:00 2001 From: Dmitri Tikhonov Date: Thu, 24 Oct 2019 10:17:25 -0400 Subject: [PATCH] Release 2.4.10: fix regression in 2.4.9, use ls-qpack 0.10.6 --- CHANGELOG | 3 ++- include/lsquic.h | 2 +- src/liblsquic/ls-qpack | 2 +- src/liblsquic/lsquic_handshake.c | 6 +++++- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 664d17acc..54871d140 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,11 +1,12 @@ 2019-10-24 - - 2.4.9 + - 2.4.10 - [BUGFIX] IETF QUIC server: fix uninitialized variable use. - [BUGFIX] make sure TLSv1.3 is not disabled in SSL object. - [BUGFIX] Use issuer name and serial number to cache certs (SKID values are not unique). - [BUGFIX] Always set the idle alarm in IETF connection so that it can time out. + - Use ls-qpack v0.10.6, as it silences some warnings. 2019-10-21 - 2.4.8 diff --git a/include/lsquic.h b/include/lsquic.h index eef4c4414..4fc2bcc49 100644 --- a/include/lsquic.h +++ b/include/lsquic.h @@ -25,7 +25,7 @@ extern "C" { #define LSQUIC_MAJOR_VERSION 2 #define LSQUIC_MINOR_VERSION 4 -#define LSQUIC_PATCH_VERSION 9 +#define LSQUIC_PATCH_VERSION 10 /** * Engine flags: diff --git a/src/liblsquic/ls-qpack b/src/liblsquic/ls-qpack index 092317a07..1786126dc 160000 --- a/src/liblsquic/ls-qpack +++ b/src/liblsquic/ls-qpack @@ -1 +1 @@ -Subproject commit 092317a0748d60afb2772db001848351fa163084 +Subproject commit 1786126dc6e104fdfa7b7c45611b2d7c870a0e55 diff --git a/src/liblsquic/lsquic_handshake.c b/src/liblsquic/lsquic_handshake.c index ba14086db..df85767b7 100644 --- a/src/liblsquic/lsquic_handshake.c +++ b/src/liblsquic/lsquic_handshake.c @@ -2039,7 +2039,7 @@ get_sni_SSL_CTX(struct lsquic_enc_session *enc_session, lsquic_lookup_cert_f cb, cert_item_t *item; struct ssl_ctx_st *ssl_ctx; size_t key_sz; - unsigned char key[0x200]; + unsigned char key[0x400]; if (!enc_session->ssl_ctx) { @@ -2086,6 +2086,10 @@ get_sni_SSL_CTX(struct lsquic_enc_session *enc_session, lsquic_lookup_cert_f cb, else { LSQ_INFO("cannot generate cert cache key, make copy"); + out = NULL; + len = i2d_X509(crt, &out); + if (len < 0) + return GET_SNI_ERR; copy: enc_session->cert_ptr = lsquic_str_new((char *) out, len); OPENSSL_free(out); if (!enc_session->cert_ptr)