author | Matt Caswell <matt@openssl.org> | 2018-04-06 14:53:05 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-04-17 16:41:01 +0100 |
commit | ded4a83d31f8271e5a74e6fbf357f9975d4878ec (patch) | |
tree | 0c216d386113fde26a2e57e8ad03325c5879a1e2 /ssl | |
parent | a12de2cba83273b2a553f988716c231af7c9ba68 (diff) |
Ignore the status_request extension in a resumption handshake
We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.
Fixes #1662
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5896)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/extensions_srvr.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 90142eb505..adf63d80bf 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -324,6 +324,10 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, { PACKET responder_id_list, exts; + /* We ignore this in a resumption handshake */ + if (s->hit) + return 1; + /* Not defined if we get one of these in a client Certificate */ if (x != NULL) return 1; |
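Review bot: the new `s->hit` check at the top of `tls_parse_ctos_status_request` returns 1 before anything in `pkt` is read, so on a resumption a malformed status_request extension is accepted without being parsed. If that is intended, the comment should say so and carry the reason given in the commit message (a certificate status cannot be provided on a resumption), since "We ignore this in a resumption handshake" states what happens but not why. If malformed encodings should still fail the handshake, place the `s->hit` check after the extension body has been validated rather than before it.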