WiFiClientSecure: don't use the broken max_fragment_length extension (esp8266#4033)

igrr · devyte · commit 3838e58f62ca · 2017-12-28T01:45:49.000-03:00
axTLS does not correctly implement max_fragment_length extension. This causes servers which understand this extension (currently GnuTLS- and WolfSSL-based) to reject the client hello. Until this is fixed in axTLS, remove the call to enable this extension from WiFiClientSecure. Fixes esp8266#3932.
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
@@ -113,7 +113,6 @@ class SSLContext
     {
         SSL_EXTENSIONS* ext = ssl_ext_new();
         ssl_ext_set_host_name(ext, hostName);
-        ssl_ext_set_max_fragment_size(ext, 4096);
         if (_ssl) {
             /* Creating a new TLS session on top of a new TCP connection.
                ssl_free will want to send a close notify alert, but the old TCP connection

Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,6 @@ class SSLContext`
`113`	`113`	`{`
`114`	`114`	`SSL_EXTENSIONS* ext = ssl_ext_new();`
`115`	`115`	`ssl_ext_set_host_name(ext, hostName);`
`116`		`- ssl_ext_set_max_fragment_size(ext, 4096);`
`117`	`116`	`if (_ssl) {`
`118`	`117`	`/* Creating a new TLS session on top of a new TCP connection.`
`119`	`118`	`ssl_free will want to send a close notify alert, but the old TCP connection`