Fix trace of TLSv1.3 Certificate Request message
authorMatt Caswell <matt@openssl.org>
Tue, 2 Jan 2018 15:51:23 +0000 (15:51 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 2 Jan 2018 15:51:23 +0000 (15:51 +0000)
A TLSv1.3 Certificate Request message was issuing a "Message length parse
error" using the -trace option to s_server/s_client.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5008)

ssl/t1_trce.c

index 59d0efc..173268c 100644 (file)
@@ -1244,6 +1244,10 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
     if (SSL_IS_TLS13(ssl)) {
         if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen))
             return 0;
+        if (!ssl_print_extensions(bio, indent, 1,
+                                  SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen))
+            return 0;
+        return 1;
     } else {
         if (msglen < 1)
             return 0;