Don't complain and fail about unknown TLSv1.3 PSK identities in s_server

An unknown PSK identity could be because its actually a session resumption attempt. Sessions resumptions and external PSKs are indistinguishable so the callbacks need to fail gracefully if they don't recognise the identity. Fixes #7433 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7434) (cherry picked from commit 2d015189b97c60b67e10aed320230357bf6b200f)
author: Matt Caswell <matt@openssl.org> 2018-10-18 14:45:59 +0100
committer: Matt Caswell <matt@openssl.org> 2018-10-19 15:24:14 +0100
commit: 8c6371f9f7ff7e54bc204867f809368f3a7f0e17 (patch)
tree: b348c39ceabe2f8b32b0c7dc1d47b7a7282f3764 /apps
parent: d1bfd8076e28b134f7d6a03611e60381b522c1c9 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 6f2a2ae8e2..ac7dca607b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
 
     if (strlen(psk_identity) != identity_len
             || memcmp(psk_identity, identity, identity_len) != 0) {
-        BIO_printf(bio_s_out,
-                   "PSK warning: client identity not what we expected"
-                   " (got '%s' expected '%s')\n", identity, psk_identity);
+        *sess = NULL;
+        return 1;
     }
 
     if (psksess != NULL) {
author	Matt Caswell <matt@openssl.org>	2018-10-18 14:45:59 +0100
committer	Matt Caswell <matt@openssl.org>	2018-10-19 15:24:14 +0100
commit	8c6371f9f7ff7e54bc204867f809368f3a7f0e17 (patch)
tree	b348c39ceabe2f8b32b0c7dc1d47b7a7282f3764 /apps
parent	d1bfd8076e28b134f7d6a03611e60381b522c1c9 (diff)