QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-30 03:34:39 +00:00
Code Issues Projects Releases Wiki Activity

Don't complain and fail about unknown TLSv1.3 PSK identities in s_server

Browse Source 
An unknown PSK identity could be because its actually a session resumption
attempt. Sessions resumptions and external PSKs are indistinguishable so
the callbacks need to fail gracefully if they don't recognise the identity.

Fixes #7433

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7434)
This commit is contained in:
Matt Caswell 2018-10-18 14:45:59 +01:00
parent 079ef6bd53
commit 2d015189b9
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/s_server.c
View File

@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
if (strlen(psk_identity) != identity_len if (strlen(psk_identity) != identity_len
|| memcmp(psk_identity, identity, identity_len) != 0) { || memcmp(psk_identity, identity, identity_len) != 0) {
BIO_printf(bio_s_out, *sess = NULL;
"PSK warning: client identity not what we expected" return 1;
" (got '%s' expected '%s')\n", identity, psk_identity);
} }
if (psksess != NULL) { if (psksess != NULL) {