author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-05-05 19:23:37 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-05-05 21:31:43 +0100 |
commit | 4a1bd6b935ca5c5b70408a60036312d4825fd24e (patch) | |
tree | 266f9a1e9e40ee559b190d77a801613ad704e75c /doc | |
parent | 11c4a22b0a2098d2ad7b9d210bc4a1bfc9742ff8 (diff) |
OpenSSL: better handling of $tls_{in,out}_certificate_verified under resumption
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-txt/experimental-spec.txt | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 211841f3f..aa7046e58 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -993,15 +993,16 @@ Observability: New log_selector "tls_resumption", appends an asterisk to the tls_cipher "X=" element. - Variables $tls_{in,out}_resumption have bit 0-4 indicating respectively + Variables $tls_{in,out}_resumption have bits 0-4 indicating respectively support built, client requested ticket, client offered session, server issued ticket, resume used. A suitable decode list is provided in the builtin macro _RESUME_DECODE for ${listextract {}{}}. Issues: In a resumed session: - $tls_{in,out}_certificate_verified will be unset (undler OpenSSL) - verify = certificate will be false (undler OpenSSL) + $tls_{in,out}_certificate_verified will be set, and verify = certificate + will be true, when verify failed but tls_try_verify_hosts allowed the + connection (under OpenSSL) $tls_{in,out}_cipher will have values different to the original (under GnuTLS) $tls_{in,out}_ocsp will be "not requested" or "no response" |
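Review bot: The rewritten entry in the "Issues:" list says that in a resumed session $tls_{in,out}_certificate_verified will be set and verify = certificate will be true "when verify failed but tls_try_verify_hosts allowed the connection", but it stops short of stating the consequence for the reader. An ACL condition on verify = certificate would evaluate true for such a session, so the text should say so explicitly and point at the "resume used" bit of $tls_{in,out}_resumption (documented in the Observability paragraph of this same hunk) as the way to tell a resumed session apart from a freshly verified one. It would also help to make clear whether "verify failed" refers to the original handshake or to the resumed one. Minor style point: the neighbouring entries pair one variable with one "(under ...)" qualifier, while the new entry folds two statements into three lines with a single trailing "(under OpenSSL)"; splitting it into two entries would keep the list consistent.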