The branch master has been updated via 8b09a9c76d873f62c2507fa9628a9c96c1d66d5c (commit) from f11c01a666e9d5b97e859cbc74586802549dee00 (commit)
- Log ----------------------------------------------------------------- commit 8b09a9c76d873f62c2507fa9628a9c96c1d66d5c Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 14 17:31:36 2021 +0100 Fix the s_server psk_server_cb for use in DTLS Commit 0007ff257c added a protocol version check to psk_server_cb but failed to take account of DTLS causing DTLS based psk connections to fail. Fixes #16707 Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/16838) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 9f448298f0..0003f7a2a6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -131,12 +131,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); - if (SSL_version(ssl) >= TLS1_3_VERSION) { + if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) { /* - * This callback is designed for use in TLSv1.2. It is possible to use - * a single callback for all protocol versions - but it is preferred to - * use a dedicated callback for TLSv1.3. For TLSv1.3 we have - * psk_find_session_cb. + * This callback is designed for use in (D)TLSv1.2 (or below). It is + * possible to use a single callback for all protocol versions - but it + * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we + * have psk_find_session_cb. */ return 0; }