The branch OpenSSL_1_1_0-stable has been updated via af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb (commit) from 69712507e73437553790ccac6f19a9ded996c0cd (commit)
- Log ----------------------------------------------------------------- commit af2d06d245cd97de891213bb4c9e0f4b6dbe3bfb Author: Matt Caswell <m...@openssl.org> Date: Fri Apr 6 14:33:07 2018 +0100 Ignore the status_request extension in a resumption handshake We cannot provide a certificate status on a resumption so we should ignore this extension in that case. Fixes #1662 Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5897) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index dc4e652..5ba7377 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2156,6 +2156,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) } } } else if (type == TLSEXT_TYPE_status_request) { + /* Ignore this if resuming */ + if (s->hit) + continue; + if (!PACKET_get_1(&extension, (unsigned int *)&s->tlsext_status_type)) { return 0; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits