[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Tue Apr 17 15:46:51 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb (commit)
from 69712507e73437553790ccac6f19a9ded996c0cd (commit)
- Log -----------------------------------------------------------------
commit af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 6 14:33:07 2018 +0100
Ignore the status_request extension in a resumption handshake
We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.
Fixes #1662
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5897)
-----------------------------------------------------------------------
Summary of changes:
ssl/t1_lib.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dc4e652..5ba7377 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2156,6 +2156,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
}
}
} else if (type == TLSEXT_TYPE_status_request) {
+ /* Ignore this if resuming */
+ if (s->hit)
+ continue;
+
if (!PACKET_get_1(&extension,
(unsigned int *)&s->tlsext_status_type)) {
return 0;
More information about the openssl-commits
mailing list