The branch master has been updated
via 65c76cd2c9e8da9468dd490b334e56c51dbef582 (commit)
from 12fca1afd227a0a750dab7fa51876c42d47ce670 (commit)
- Log -----------------------------------------------------------------
commit 65c76cd2c9e8da9468dd490b334e56c51dbef582
Author: Daniil Zotkin <[email protected]>
Date: Tue Sep 24 11:08:23 2019 +0300

Do not print extensions in Certificate message for TLS1.2 and lower

According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.

CLA: trivial

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/9994)

-----------------------------------------------------------------------
Summary of changes:
ssl/t1_trce.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index a2cb4f7385..c55c172b88 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1242,8 +1242,9 @@ static int ssl_print_certificates(BIO *bio, const SSL
*ssl, int server,
while (clen > 0) {
if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
return 0;
- if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
- &msg, &clen))
+ if (SSL_IS_TLS13(ssl)
+ && !ssl_print_extensions(bio, indent + 2, server,
+ SSL3_MT_CERTIFICATE, &msg, &clen))
return 0;
}
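
Review bot: The new SSL_IS_TLS13(ssl) guard in front of ssl_print_extensions() carries no comment explaining why the per-certificate extensions block is skipped for older versions, and because it is folded into the same condition as the failure check it is easy to misread as part of the error handling. A one-line comment above the if, saying that only the TLS 1.3 CertificateEntry (RFC 8446) has an extensions field and that the RFC 5246 Certificate message has none, would keep a later cleanup from dropping the guard and reintroducing the misparse of the next certificate's bytes as extensions. The summary lists only ssl/t1_trce.c as changed, so a trace-output test that feeds a TLS 1.2 Certificate message with more than one certificate through ssl_print_certificates() would be worth adding with this fix.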