The branch OpenSSL_1_1_0-stable has been updated
via af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb (commit)
from 69712507e73437553790ccac6f19a9ded996c0cd (commit)
- Log -----------------------------------------------------------------
commit af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb
Author: Matt Caswell <m...@openssl.org>
Date: Fri Apr 6 14:33:07 2018 +0100
Ignore the status_request extension in a resumption handshake
We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.
Fixes #1662
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Ben Kaduk <ka...@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5897)
-----------------------------------------------------------------------
Summary of changes:
ssl/t1_lib.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dc4e652..5ba7377 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2156,6 +2156,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET
*pkt, int *al)
}
}
} else if (type == TLSEXT_TYPE_status_request) {
+ /* Ignore this if resuming */
+ if (s->hit)
+ continue;
+
if (!PACKET_get_1(&extension,
(unsigned int *)&s->tlsext_status_type)) {
return 0;
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
