[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Fri Mar 20 17:09:08 UTC 2020
The branch master has been updated
via 9a1c170d6309bb814ba8d720503069337f628b32 (commit)
from 22e27978b29b2cdc1db79659ed653d6cf31834ab (commit)
- Log -----------------------------------------------------------------
commit 9a1c170d6309bb814ba8d720503069337f628b32
Author: EasySec <easy.sec at free.fr>
Date: Thu Mar 12 14:38:38 2020 +0100
s_server: warn about NO PSK identity hint in TLSv1.3
There is NO PSK identity hint in TLSv1.3 so output a warning message
when inconsistent PSK / TLS options are mixed.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11322)
-----------------------------------------------------------------------
Summary of changes:
apps/s_server.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 4016270d54..0be414f890 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2093,10 +2093,16 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
}
- if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
- BIO_printf(bio_err, "error setting PSK identity hint to context\n");
- ERR_print_errors(bio_err);
- goto end;
+ if (psk_identity_hint != NULL) {
+ if (min_version == TLS1_3_VERSION) {
+ BIO_printf(bio_s_out, "PSK warning: there is NO identity hint in TLSv1.3\n");
+ } else {
+ if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
+ BIO_printf(bio_err, "error setting PSK identity hint to context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
}
#endif
if (psksessf != NULL) {
More information about the openssl-commits
mailing list