The branch master has been updated
via ded4a83d31f8271e5a74e6fbf357f9975d4878ec (commit)
from a12de2cba83273b2a553f988716c231af7c9ba68 (commit)
- Log -----------------------------------------------------------------
commit ded4a83d31f8271e5a74e6fbf357f9975d4878ec
Author: Matt Caswell <[email protected]>
Date: Fri Apr 6 14:53:05 2018 +0100
Ignore the status_request extension in a resumption handshake
We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.
Fixes #1662
Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Ben Kaduk <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/5896)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions_srvr.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 90142eb..adf63d8 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -324,6 +324,10 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt,
unsigned int context,
{
PACKET responder_id_list, exts;
+ /* We ignore this in a resumption handshake */
+ if (s->hit)
+ return 1;
+
/* Not defined if we get one of these in a client Certificate */
if (x != NULL)
return 1;
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
