[openssl] OpenSSL_1_1_1-stable update

Dr. Paul Dale pauli at openssl.org
Thu Oct 3 00:31:10 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  51f879a31f926ba12b783c68f4ba9e4ee490145f (commit)
      from  9e2747646de3de12179a2635da9f6c76ab0ed6fb (commit)


- Log -----------------------------------------------------------------
commit 51f879a31f926ba12b783c68f4ba9e4ee490145f
Author: Daniil Zotkin <zotkin at rutoken.ru>
Date:   Tue Sep 24 11:08:23 2019 +0300

    Do not print extensions in Certificate message for TLS1.2 and lower
    
    According to RFC8446 CertificateEntry in Certificate message contains
    extensions that were not present in the Certificate message in RFC5246.
    
    CLA: trivial
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/9994)
    
    (cherry picked from commit 65c76cd2c9e8da9468dd490b334e56c51dbef582)

-----------------------------------------------------------------------

Summary of changes:
 ssl/t1_trce.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 0559fba9d9..5c84339314 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1246,8 +1246,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
     while (clen > 0) {
         if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
             return 0;
-        if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
-                                  &msg, &clen))
+        if (SSL_IS_TLS13(ssl)
+            && !ssl_print_extensions(bio, indent + 2, server,
+                                     SSL3_MT_CERTIFICATE, &msg, &clen))
             return 0;
 
     }
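Review bot: The new `SSL_IS_TLS13(ssl)` guard inside the `while (clen > 0)` loop carries no comment explaining why extensions are skipped for older protocol versions. A one-line comment above the `if`, noting that only the RFC 8446 CertificateEntry has a per-certificate extensions block, would keep a later reader from treating the check as redundant and removing it. The diffstat touches only ssl/t1_trce.c, so nothing exercises the new branch; a trace test that prints a TLS 1.2 Certificate message would guard against regressing to the old behaviour of calling `ssl_print_extensions` unconditionally. The blank line left before the loop's closing brace could also be dropped while this block is being edited.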

