Ignore the status_request extension in a resumption handshake

We cannot provide a certificate status on a resumption so we should ignore this extension in that case. Fixes #1662 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5896)
author: Matt Caswell <matt@openssl.org> 2018-04-06 14:53:05 +0100
committer: Matt Caswell <matt@openssl.org> 2018-04-17 16:41:01 +0100
commit: ded4a83d31f8271e5a74e6fbf357f9975d4878ec (patch)
tree: 0c216d386113fde26a2e57e8ad03325c5879a1e2 /ssl
parent: a12de2cba83273b2a553f988716c231af7c9ba68 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 90142eb505..adf63d80bf 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -324,6 +324,10 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
 {
     PACKET responder_id_list, exts;
 
+    /* We ignore this in a resumption handshake */
+    if (s->hit)
+        return 1;
+
     /* Not defined if we get one of these in a client Certificate */
     if (x != NULL)
         return 1;
author	Matt Caswell <matt@openssl.org>	2018-04-06 14:53:05 +0100
committer	Matt Caswell <matt@openssl.org>	2018-04-17 16:41:01 +0100
commit	ded4a83d31f8271e5a74e6fbf357f9975d4878ec (patch)
tree	0c216d386113fde26a2e57e8ad03325c5879a1e2 /ssl
parent	a12de2cba83273b2a553f988716c231af7c9ba68 (diff)