[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Apr 17 15:44:26 UTC 2018
The branch master has been updated
via ded4a83d31f8271e5a74e6fbf357f9975d4878ec (commit)
from a12de2cba83273b2a553f988716c231af7c9ba68 (commit)
- Log -----------------------------------------------------------------
commit ded4a83d31f8271e5a74e6fbf357f9975d4878ec
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 6 14:53:05 2018 +0100
Ignore the status_request extension in a resumption handshake
We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.
Fixes #1662
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5896)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions_srvr.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 90142eb..adf63d8 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -324,6 +324,10 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
{
PACKET responder_id_list, exts;
+ /* We ignore this in a resumption handshake */
+ if (s->hit)
+ return 1;
+
/* Not defined if we get one of these in a client Certificate */
if (x != NULL)
return 1;
More information about the openssl-commits
mailing list