author | Daniil Zotkin <zotkin@rutoken.ru> | 2019-09-24 11:08:23 +0300 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2019-10-03 10:30:57 +1000 |
commit | 51f879a31f926ba12b783c68f4ba9e4ee490145f (patch) | |
tree | 587289969b15637d2a9ae411ccd8d1b2be68088d /ssl | |
parent | 9e2747646de3de12179a2635da9f6c76ab0ed6fb (diff) |
Do not print extensions in Certificate message for TLS1.2 and lower
According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9994)
(cherry picked from commit 65c76cd2c9e8da9468dd490b334e56c51dbef582)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_trce.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 0559fba9d9..5c84339314 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1246,8 +1246,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
 while (clen > 0) {
 if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
 return 0;
- if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
- &msg, &clen))
+ if (SSL_IS_TLS13(ssl)
+ && !ssl_print_extensions(bio, indent + 2, server,
+ SSL3_MT_CERTIFICATE, &msg, &clen))
 return 0;
 } |
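Review bot: The new `SSL_IS_TLS13(ssl)` guard inside the `while (clen > 0)` loop has no comment saying why extensions are skipped for older versions, so the reason lives only in the commit message. I would add above the `if` a comment such as `/* Only a TLS 1.3 CertificateEntry (RFC 8446) carries per-certificate extensions */`. The check is also loop-invariant, so it could be read once into a local before the loop, which makes it plainer that the whole list is parsed under one format. No test accompanies the change on this page; a trace of a TLS 1.2 handshake with a multi-certificate chain would cover it. The function's opening and its final return are outside the hunk.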