The branch master has been updated via ded4a83d31f8271e5a74e6fbf357f9975d4878ec (commit) from a12de2cba83273b2a553f988716c231af7c9ba68 (commit)
- Log ----------------------------------------------------------------- commit ded4a83d31f8271e5a74e6fbf357f9975d4878ec Author: Matt Caswell <m...@openssl.org> Date: Fri Apr 6 14:53:05 2018 +0100 Ignore the status_request extension in a resumption handshake We cannot provide a certificate status on a resumption so we should ignore this extension in that case. Fixes #1662 Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5896) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_srvr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 90142eb..adf63d8 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -324,6 +324,10 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, { PACKET responder_id_list, exts; + /* We ignore this in a resumption handshake */ + if (s->hit) + return 1; + /* Not defined if we get one of these in a client Certificate */ if (x != NULL) return 1; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits