[openssl] openssl-3.0 update
Matt Caswell
matt at openssl.org
Fri Oct 22 10:20:17 UTC 2021
The branch openssl-3.0 has been updated
via fd7c2ff23c65eb8b06ae2d9d600d6e3301d98aaf (commit)
from d49d1c120dac5349df0bb36960bc914e211368bd (commit)
- Log -----------------------------------------------------------------
commit fd7c2ff23c65eb8b06ae2d9d600d6e3301d98aaf
Author: Matt Caswell <matt at openssl.org>
Date: Thu Oct 14 17:31:36 2021 +0100
Fix the s_server psk_server_cb for use in DTLS
Commit 0007ff257c added a protocol version check to psk_server_cb but
failed to take account of DTLS causing DTLS based psk connections to
fail.
Fixes #16707
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)
(cherry picked from commit 8b09a9c76d873f62c2507fa9628a9c96c1d66d5c)
-----------------------------------------------------------------------
Summary of changes:
apps/s_server.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index c5d9221e90..0e71c161ef 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -131,12 +131,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
- if (SSL_version(ssl) >= TLS1_3_VERSION) {
+ if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) {
/*
- * This callback is designed for use in TLSv1.2. It is possible to use
- * a single callback for all protocol versions - but it is preferred to
- * use a dedicated callback for TLSv1.3. For TLSv1.3 we have
- * psk_find_session_cb.
+ * This callback is designed for use in (D)TLSv1.2 (or below). It is
+ * possible to use a single callback for all protocol versions - but it
+ * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we
+ * have psk_find_session_cb.
*/
return 0;
}
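Review bot: The rewritten comment above `return 0;` says which versions the callback is for but not why the condition needs the `!SSL_is_dtls(ssl)` guard. The reason is that DTLS version constants are numerically larger than TLS1_3_VERSION, so the bare `SSL_version(ssl) >= TLS1_3_VERSION` test was true for every DTLS connection. A sentence to that effect in the comment would keep a later cleanup from removing the guard. The guard also routes every DTLS version through this callback, while the comment limits it to (D)TLSv1.2 or below, so the condition will need revisiting if a DTLS version with TLSv1.3-style PSK handling is added. The summary shows only apps/s_server.c changing; a DTLS PSK test case against s_server would catch a regression of this kind.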