authorDaniil Zotkin <zotkin@rutoken.ru>2019-09-24 11:08:23 +0300
committerPauli <paul.dale@oracle.com>2019-10-03 10:29:49 +1000
commit65c76cd2c9e8da9468dd490b334e56c51dbef582 (patch)
tree5f20cc68aed1d3d8967128ac206b6236ce7bea15 /ssl
parent12fca1afd227a0a750dab7fa51876c42d47ce670 (diff)
Do not print extensions in Certificate message for TLS1.2 and lower
According to RFC8446, the CertificateEntry in the Certificate message contains extensions that were not present in the Certificate message in RFC5246. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9994)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/t1_trce.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index a2cb4f7385..c55c172b88 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1242,8 +1242,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
while (clen > 0) {
if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
return 0;
- if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
- &msg, &clen))
+ if (SSL_IS_TLS13(ssl)
+ && !ssl_print_extensions(bio, indent + 2, server,
+ SSL3_MT_CERTIFICATE, &msg, &clen))
return 0;
}
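Review bot: The new `SSL_IS_TLS13(ssl)` guard in the `while (clen > 0)` loop has no comment explaining why the extensions parse depends on the protocol version, and that reason is what keeps the trace parser aligned with the message layout. I would add above the condition `/* CertificateEntry carries extensions only in TLS 1.3 (RFC 8446); in TLS 1.2 and lower the following bytes are the next certificate */`. Without it, a later cleanup could drop the guard and the parser would again treat certificate bytes as an extensions block on older versions. The guard also depends on `ssl` already reflecting the negotiated version when this message is traced, which presumably holds for Certificate but cannot be confirmed from the hunk. `ssl_print_certificates` begins and ends outside the hunk.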