author | Daniil Zotkin <zotkin@rutoken.ru> | 2019-09-24 11:08:23 +0300 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2019-10-03 10:29:49 +1000 |
commit | 65c76cd2c9e8da9468dd490b334e56c51dbef582 (patch) | |
tree | 5f20cc68aed1d3d8967128ac206b6236ce7bea15 /ssl | |
parent | 12fca1afd227a0a750dab7fa51876c42d47ce670 (diff) |
Do not print extensions in Certificate message for TLS1.2 and lower
According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9994)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_trce.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index a2cb4f7385..c55c172b88 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1242,8 +1242,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
 while (clen > 0) {
 if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
 return 0;
- if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
- &msg, &clen))
+ if (SSL_IS_TLS13(ssl)
+ && !ssl_print_extensions(bio, indent + 2, server,
+ SSL3_MT_CERTIFICATE, &msg, &clen))
 return 0;
 } |
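Review bot: The new `SSL_IS_TLS13(ssl)` condition in front of the `ssl_print_extensions` call has no comment saying why the parse is version-dependent, so a later cleanup could drop the gate and make the trace misread TLS 1.2 certificate lists again. I would add above the `if`: `/* Only the TLS 1.3 CertificateEntry (RFC 8446) carries per-certificate extensions */`. The gate uses connection state rather than anything in the message bytes, so it presumably relies on the negotiated version already being set on `ssl` when a Certificate message is traced; that is worth confirming for both the client and server side. The diffstat shown is limited to `ssl`, so I cannot tell whether a test was added; a trace test over a TLS 1.2 handshake with a multi-certificate chain would pin the behaviour. ssl_print_certificates starts and ends outside the hunk.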