If we have no suitable PSK kex modes then don't attempt to resume
[openssl.git] / ssl / statem / extensions_srvr.c
index 407b48c6715c09a5d34c8686b90adfafc71cb517..41dd5b6fbb602dbccf4001228ce721604d14c005 100644 (file)
@@ -687,6 +687,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
     unsigned int id, i;
     const EVP_MD *md = NULL;
 
+    /*
+     * If we have no PSK kex mode that we recognise then we can't resume so
+     * ignore this extension
+     */
+    if ((s->ext.psk_kex_mode
+            & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0)
+        return 1;
+
     if (!PACKET_get_length_prefixed_2(pkt, &identities)) {
         *al = SSL_AD_DECODE_ERROR;
         return 0;
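Review bot: The added early `return 1` appears to treat a ClientHello with no psk_key_exchange_modes extension the same as one listing only unrecognised modes, since both would presumably leave `s->ext.psk_kex_mode` with neither flag set. RFC 8446 section 4.2.9 requires the server to abort the handshake when pre_shared_key is offered without psk_key_exchange_modes, so the absent case should fail with an alert rather than be silently ignored, unless a check outside this hunk already covers it. Returning before `PACKET_get_length_prefixed_2` also means a malformed pre_shared_key body is no longer rejected with `SSL_AD_DECODE_ERROR` on this path. The check only works if psk_key_exchange_modes has been parsed before this function runs, which the comment should state, e.g. `Relies on psk_kex_modes having been parsed before pre_shared_key`. The body of tls_parse_ctos_psk starts and continues outside the hunk.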