[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Oct 19 14:28:31 UTC 2018
The branch master has been updated
via 2d015189b97c60b67e10aed320230357bf6b200f (commit)
from 079ef6bd534d2f708d8013cfcd8ea0d2f600c788 (commit)
- Log -----------------------------------------------------------------
commit 2d015189b97c60b67e10aed320230357bf6b200f
Author: Matt Caswell <matt at openssl.org>
Date: Thu Oct 18 14:45:59 2018 +0100
Don't complain and fail about unknown TLSv1.3 PSK identities in s_server
An unknown PSK identity could be because its actually a session resumption
attempt. Sessions resumptions and external PSKs are indistinguishable so
the callbacks need to fail gracefully if they don't recognise the identity.
Fixes #7433
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7434)
-----------------------------------------------------------------------
Summary of changes:
apps/s_server.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 6f2a2ae..ac7dca6 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
if (strlen(psk_identity) != identity_len
|| memcmp(psk_identity, identity, identity_len) != 0) {
- BIO_printf(bio_s_out,
- "PSK warning: client identity not what we expected"
- " (got '%s' expected '%s')\n", identity, psk_identity);
+ *sess = NULL;
+ return 1;
}
if (psksess != NULL) {
More information about the openssl-commits
mailing list