author | EasySec <easy.sec@free.fr> | 2020-03-12 14:38:38 +0100 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-03-20 18:07:18 +0100 |
commit | 9a1c170d6309bb814ba8d720503069337f628b32 (patch) | |
tree | 6aa09fe68c96bed3881fcc8eed8a84e68ffe3299 /apps/s_server.c | |
parent | 22e27978b29b2cdc1db79659ed653d6cf31834ab (diff) |
s_server: warn about NO PSK identity hint in TLSv1.3
There is NO PSK identity hint in TLSv1.3 so output a warning message
when inconsistent PSK / TLS options are mixed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11322)
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 4016270d54..0be414f890 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2093,10 +2093,16 @@ int s_server_main(int argc, char *argv[])
 SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
 }
- if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
- BIO_printf(bio_err, "error setting PSK identity hint to context\n");
- ERR_print_errors(bio_err);
- goto end;
+ if (psk_identity_hint != NULL) {
+ if (min_version == TLS1_3_VERSION) {
+ BIO_printf(bio_s_out, "PSK warning: there is NO identity hint in TLSv1.3\n");
+ } else {
+ if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
+ BIO_printf(bio_err, "error setting PSK identity hint to context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
 }
 #endif
 if (psksessf != NULL) {
 |
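Review bot: The warning is printed only when `min_version == TLS1_3_VERSION`, so a hint supplied without pinning the minimum version takes the `else` branch and is configured silently. If TLSv1.3 can still be negotiated in that configuration (the version bounds are set outside this hunk), those handshakes will not carry the hint and the operator is never told. A comment above the `SSL_CTX_use_psk_identity_hint` call would record the limitation, for example `/* The hint is only sent for TLSv1.2 and below; TLSv1.3 handshakes carry no identity hint. */`. The warning is also written to `bio_s_out` while the error path two lines below uses `bio_err`, so `BIO_printf(bio_err, "PSK warning: ...")` would keep the diagnostics on one stream. The enclosing `s_server_main` begins and ends outside the hunk.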