The branch OpenSSL_1_1_1-stable has been updated
via 0ad7578822b188447b1946e65a0ec4b5b07ead3f (commit)
from b28d41afbfebd8c668ee039d10d1a0edbed09dba (commit)
- Log -----------------------------------------------------------------
commit 0ad7578822b188447b1946e65a0ec4b5b07ead3f
Author: Matt Caswell <m...@openssl.org>
Date: Thu Oct 14 17:31:36 2021 +0100
Fix the s_server psk_server_cb for use in DTLS
Commit 0007ff257c added a protocol version check to psk_server_cb but
failed to take account of DTLS causing DTLS based psk connections to
fail.
Fixes #16707
Reviewed-by: Ben Kaduk <ka...@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)
(cherry picked from commit 8b09a9c76d873f62c2507fa9628a9c96c1d66d5c)
-----------------------------------------------------------------------
Summary of changes:
apps/s_server.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 938e244222..64d53e68d0 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -134,12 +134,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char
*identity,
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
- if (SSL_version(ssl) >= TLS1_3_VERSION) {
+ if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) {
/*
- * This callback is designed for use in TLSv1.2. It is possible to use
- * a single callback for all protocol versions - but it is preferred to
- * use a dedicated callback for TLSv1.3. For TLSv1.3 we have
- * psk_find_session_cb.
+ * This callback is designed for use in (D)TLSv1.2 (or below). It is
+ * possible to use a single callback for all protocol versions - but it
+ * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we
+ * have psk_find_session_cb.
*/
return 0;
}
