authorDaniil Zotkin <zotkin@rutoken.ru>2019-09-24 11:08:23 +0300
committerPauli <paul.dale@oracle.com>2019-10-03 10:29:49 +1000
commit65c76cd2c9e8da9468dd490b334e56c51dbef582 (patch)
tree5f20cc68aed1d3d8967128ac206b6236ce7bea15
parent12fca1afd227a0a750dab7fa51876c42d47ce670 (diff)
Do not print extensions in Certificate message for TLS1.2 and lower
According to RFC8446 CertificateEntry in Certificate message contains extensions that were not present in the Certificate message in RFC5246. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9994)
-rw-r--r--ssl/t1_trce.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index a2cb4f7385..c55c172b88 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1242,8 +1242,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
while (clen > 0) {
if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
return 0;
- if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
- &msg, &clen))
+ if (SSL_IS_TLS13(ssl)
+ && !ssl_print_extensions(bio, indent + 2, server,
+ SSL3_MT_CERTIFICATE, &msg, &clen))
return 0;
}
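Review bot: The new `SSL_IS_TLS13(ssl)` gate inside the `while (clen > 0)` loop has no comment, so the call site does not say why extensions are parsed for only one protocol version. This tracer walks peer-supplied handshake bytes, so the reason belongs next to the decision; I would add above the condition `/* Only the TLS 1.3 CertificateEntry (RFC 8446) carries per-certificate extensions */`. The diffstat lists only ssl/t1_trce.c, so the fix appears to ship without a trace test for a TLS 1.2 Certificate message, and a regression check for that case would be worth adding. ssl_print_certificates begins and ends outside the hunk.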