[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue Apr 17 15:50:11 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via 1084fc8f0086cece8ae1a1e9f484d30fdff25192 (commit)
from 349a41da1ad88ad87825414752a8ff5fdd6a6c3f (commit)
- Log -----------------------------------------------------------------
commit 1084fc8f0086cece8ae1a1e9f484d30fdff25192
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 6 14:33:07 2018 +0100
Ignore the status_request extension in a resumption handshake
We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.
Fixes #1662
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5898)
-----------------------------------------------------------------------
Summary of changes:
ssl/t1_lib.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 75c2f41..179802c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2408,8 +2408,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
goto err;
if (!tls1_save_sigalgs(s, data, dsize))
goto err;
- } else if (type == TLSEXT_TYPE_status_request) {
-
+ } else if (type == TLSEXT_TYPE_status_request && !s->hit) {
if (size < 5)
goto err;
More information about the openssl-commits
mailing list