Description
We've observed a bug in a production environment where clients would receive malformed NPN sets. This is caused by a race condition in SSLNextProtocolSet::advertiseProtocols:
if (!npn && !this->endpoints.empty()) { create_npn_advertisement(this->endpoints, &npn, &npnsz); }
Obviously this code is attempting to initailize the npn offer string on the first SSL request to that port, this is a race condition. I have a fix that will be committed today.
Attachments
Issue Links
- is duplicated by
-
TS-3438 npn list being created with garbage data
- Closed