[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Tue Apr 17 15:50:11 UTC 2018


The branch OpenSSL_1_0_2-stable has been updated
       via  1084fc8f0086cece8ae1a1e9f484d30fdff25192 (commit)
      from  349a41da1ad88ad87825414752a8ff5fdd6a6c3f (commit)


- Log -----------------------------------------------------------------
commit 1084fc8f0086cece8ae1a1e9f484d30fdff25192
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 6 14:33:07 2018 +0100

    Ignore the status_request extension in a resumption handshake
    
    We cannot provide a certificate status on a resumption so we should
    ignore this extension in that case.
    
    Fixes #1662
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5898)

-----------------------------------------------------------------------

Summary of changes:
 ssl/t1_lib.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 75c2f41..179802c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2408,8 +2408,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
                 goto err;
             if (!tls1_save_sigalgs(s, data, dsize))
                 goto err;
-        } else if (type == TLSEXT_TYPE_status_request) {
-
+        } else if (type == TLSEXT_TYPE_status_request && !s->hit) {
             if (size < 5)
                 goto err;
 


More information about the openssl-commits mailing list