author | Matt Caswell <matt@openssl.org> | 2017-06-16 16:26:25 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-21 14:45:35 +0100 |
commit | dc87d5a92288df394f5a887be5c788a530992185 (patch) | |
tree | 1320a450ef1ce05133b4fe853808ad1dbb8ec4e2 | |
parent | 801d9fbd97e5f29b19851562a72b8be4c5fd0783 (diff) |
Tweak the client side PSK callback
Ensure that we properly distinguish between successful return (PSK
provided), successful return (no PSK provided) and failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
-rw-r--r-- | apps/s_client.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index df33e0a596..71e4c1f01f 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -203,6 +203,9 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
 if (cipher == NULL) {
 /* Doesn't look like a suitable TLSv1.3 key. Ignore it */
 OPENSSL_free(key);
+ *id = NULL;
+ *idlen = 0;
+ *sess = NULL;
 return 0;
 }
 usesess = SSL_SESSION_new();
@@ -221,13 +224,17 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
 if (cipher == NULL)
 goto err;
- if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md)
- goto err;
-
- *sess = usesess;
-
- *id = (unsigned char *)psk_identity;
- *idlen = strlen(psk_identity);
+ if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md) {
+ /* PSK not usable, ignore it */
+ *id = NULL;
+ *idlen = 0;
+ *sess = NULL;
+ SSL_SESSION_free(usesess);
+ } else {
+ *sess = usesess;
+ *id = (unsigned char *)psk_identity;
+ *idlen = strlen(psk_identity);
+ }
 return 1; |
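Review bot: In the first hunk the branch clears `*id`, `*idlen` and `*sess` under a comment that says the key is ignored, yet it still ends in `return 0;`, the failure result rather than the "no PSK provided" success that the commit message describes and the second hunk implements with `return 1;`. If ignoring is intended, this should be `return 1;`; if an unsuitable key is meant to fail the callback, the comment should say so, e.g. `/* Not a suitable TLSv1.3 key: fail the callback */`. Separately, `OPENSSL_free(key)` releases PSK key material without wiping it, so `OPENSSL_clear_free()` with the buffer length would be preferable if that length is in scope at this point. The body of psk_use_session_cb starts and ends outside the hunk, so the surrounding control flow is not visible here.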
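Review bot: In the second hunk the digest-mismatch branch drops the configured PSK silently and returns 1, so the handshake presumably continues without the PSK and the operator gets no sign that the key they supplied was not used. For a diagnostic client, a message before the reset would make the fallback visible, e.g. `BIO_printf(bio_err, "PSK digest does not match, continuing without PSK\n");`. The three-line reset `*id = NULL; *idlen = 0; *sess = NULL;` is also duplicated from the first hunk; doing it once at the top of the function would keep every early exit consistent. The function body extends beyond this hunk, so the placement needs checking against the rest of it.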