projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Tighten up client status_request processing
[openssl.git] / ssl / statem / extensions_clnt.c
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 23dc8d3363b719f653fb3caf0509c5cd0a5b7a9a..d40c9cee11e826fbfae48e774ba2d2d23c140bfe 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -102,10 +102,10 @@ static int use_ecc(SSL *s)
         if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
                 || (alg_a & SSL_aECDSA)
                 || c->min_tls >= TLS1_3_VERSION)
-            break;
+            return 1;
     }
 
-    return i < end;
+    return 0;
 }
 
 int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
@@ -658,6 +658,7 @@ int tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
     ret = 1;
  end:
     OPENSSL_free(s->ext.tls13_cookie);
+    s->ext.tls13_cookie = NULL;
     s->ext.tls13_cookie_len = 0;
 
     return ret;
@@ -1015,7 +1016,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
      * MUST only be sent if we've requested a status
      * request message. In TLS <= 1.2 it must also be empty.
      */
-    if (s->ext.status_type == TLSEXT_STATUSTYPE_nothing
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp
             || (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0)) {
         *al = SSL_AD_UNSUPPORTED_EXTENSION;
         return 0;
Unnamed repository; edit this file 'description' to name the repository.