Don't complain and fail about unknown TLSv1.3 PSK identities in s_server
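--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
 if (strlen(psk_identity) != identity_len
 || memcmp(psk_identity, identity, identity_len) != 0) {
- BIO_printf(bio_s_out,
- "PSK warning: client identity not what we expected"
- " (got '%s' expected '%s')\n", identity, psk_identity);
+ *sess = NULL;
+ return 1;
 }
 if (psksess != NULL) {
@@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[])
 goto end;
 }
 #endif
+ if (early_data && (www > 0 || rev)) {
+ BIO_printf(bio_err,
+ "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+ goto end;
+ }
 #ifndef OPENSSL_NO_SCTP
 if (protocol == IPPROTO_SCTP) {
@@ -2968,8 +2972,10 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
 if (context != NULL
 && !SSL_set_session_id_context(con, context,
- strlen((char *)context)))
+ strlen((char *)context))) {
+ SSL_free(con);
 goto err;
+ }
 sbio = BIO_new_socket(s, BIO_NOCLOSE);
 if (s_nbio_test) {
@@ -2981,7 +2987,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
 SSL_set_bio(con, sbio, sbio);
 SSL_set_accept_state(con);
- /* SSL_set_fd(con,s); */
+ /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
 BIO_push(io, ssl_bio);
 #ifdef CHARSET_EBCDIC
@@ -3337,6 +3343,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
 if (context != NULL
 && !SSL_set_session_id_context(con, context,
 strlen((char *)context))) {
+ SSL_free(con);
 ERR_print_errors(bio_err);
 goto err;
 }
@@ -3345,6 +3352,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
 SSL_set_bio(con, sbio, sbio);
 SSL_set_accept_state(con);
+ /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
 BIO_push(io, ssl_bio);
 #ifdef CHARSET_EBCDIC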
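Review bot: In the psk_find_session_cb hunk, the mismatch branch now returns 1 with `*sess = NULL`, and nothing in the code says why an unknown identity is reported as a success. A short comment such as `/* Identity not recognised: report "no PSK" and let the handshake continue without one */` would stop a later reader from changing it back to a failure return. The removed message passed `identity` to `%s` although the callback receives it together with `identity_len`, so if a diagnostic is ever restored it should print only the length or a length-bounded copy. The function body starts and ends outside the hunk, so how the remaining paths treat `*sess` cannot be checked from here.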