Ignore the status_request extension in a resumption handshake
author Matt Caswell <matt@openssl.org>
Fri, 6 Apr 2018 13:33:07 +0000 (14:33 +0100)
committer Matt Caswell <matt@openssl.org>
Tue, 17 Apr 2018 15:45:02 +0000 (16:45 +0100)
We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.

Fixes #1662

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5897)

ssl/t1_lib.c

index dc4e6526d6d672451536307d6585d7747d72a82a..5ba7377fe3d1c7fa7e33d061db99e0ae8344418d 100644 (file)
@@ -2156,6 +2156,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
                 }
             }
         } else if (type == TLSEXT_TYPE_status_request) {
+            /* Ignore this if resuming */
+            if (s->hit)
+                continue;
+
             if (!PACKET_get_1(&extension,
                               (unsigned int *)&s->tlsext_status_type)) {
                 return 0;
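Review bot: The early `continue` on `s->hit` sits before the `PACKET_get_1` read, so on a resumption the body of a status_request extension is no longer parsed at all, and a malformed one that previously reached `return 0` is now silently accepted. If that is intended, say so in the comment, and expand "Ignore this if resuming" to give the reason from the commit message (no certificate status can be provided on a resumption). It is also worth confirming that `s->hit` is already final when `ssl_scan_clienthello_tlsext` runs, and that `s->tlsext_status_type` cannot keep a value from an earlier handshake on the same SSL object now that this branch is skipped; a regression test that resumes a session with status_request present would cover both.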