[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Sep 7 10:24:54 UTC 2018
The branch master has been updated
via cd3b53b8f85ad66336936073d822b3315e0ddd4f (commit)
from 77890553760c6e675fee6d254cbdea2712eeb1e1 (commit)
- Log -----------------------------------------------------------------
commit cd3b53b8f85ad66336936073d822b3315e0ddd4f
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 6 15:53:25 2018 +0100
Ensure certificate callbacks work correctly in TLSv1.3
The is_tls13_capable() function should not return 0 if no certificates
are configured directly because a certificate callback is present.
Fixes #7140
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7141)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_lib.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index adc8b98..508bb88 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1489,7 +1489,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
/*
* Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK configured. Otherwise returns 0.
+ * certificate type, or has PSK or a certificate callback configured. Otherwise
+ * returns 0.
*/
static int is_tls13_capable(const SSL *s)
{
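Review bot: the updated comment on is_tls13_capable() lists "a certificate callback configured" next to "a TLSv1.3 capable certificate type" as if the two were equivalent, but the presence of a callback says nothing about which certificate it will eventually set. Suggest wording that states the function assumes the callback will supply a usable certificate, so that readers know a return value of 1 is not a guarantee in that case.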
@@ -1500,7 +1501,7 @@ static int is_tls13_capable(const SSL *s)
return 1;
#endif
- if (s->psk_find_session_cb != NULL)
+ if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL)
return 1;
for (i = 0; i < SSL_PKEY_NUM; i++) {
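Review bot: the added `s->cert->cert_cb != NULL` clause in the `psk_find_session_cb` condition comes with no test; the summary shows ssl/statem/statem_lib.c as the only file changed. A regression test for a server that has a certificate callback and no directly configured certificates (the case described for #7140) would keep this behaviour from regressing. The clause also dereferences `s->cert` without a check, so it is worth confirming that `s->cert` cannot be NULL on this path.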