s_server: warn about NO PSK identity hint in TLSv1.3

There is NO PSK identity hint in TLSv1.3 so output a warning message when inconsistent PSK / TLS options are mixed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11322)
author: EasySec <easy.sec@free.fr> 2020-03-12 14:38:38 +0100
committer: Tomas Mraz <tmraz@fedoraproject.org> 2020-03-20 18:07:18 +0100
commit: 9a1c170d6309bb814ba8d720503069337f628b32 (patch)
tree: 6aa09fe68c96bed3881fcc8eed8a84e68ffe3299 /apps/s_server.c
parent: 22e27978b29b2cdc1db79659ed653d6cf31834ab (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 4016270d54..0be414f890 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2093,10 +2093,16 @@ int s_server_main(int argc, char *argv[])
         SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
     }
 
-    if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
-        BIO_printf(bio_err, "error setting PSK identity hint to context\n");
-        ERR_print_errors(bio_err);
-        goto end;
+    if (psk_identity_hint != NULL) {
+        if (min_version == TLS1_3_VERSION) {
+            BIO_printf(bio_s_out, "PSK warning: there is NO identity hint in TLSv1.3\n");
+        } else {
+            if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
+                BIO_printf(bio_err, "error setting PSK identity hint to context\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
     }
 #endif
     if (psksessf != NULL) {
author	EasySec <easy.sec@free.fr>	2020-03-12 14:38:38 +0100
committer	Tomas Mraz <tmraz@fedoraproject.org>	2020-03-20 18:07:18 +0100
commit	9a1c170d6309bb814ba8d720503069337f628b32 (patch)
tree	6aa09fe68c96bed3881fcc8eed8a84e68ffe3299 /apps/s_server.c
parent	22e27978b29b2cdc1db79659ed653d6cf31834ab (diff)