The branch OpenSSL_1_1_1-stable has been updated via 8c6371f9f7ff7e54bc204867f809368f3a7f0e17 (commit) from d1bfd8076e28b134f7d6a03611e60381b522c1c9 (commit)
- Log ----------------------------------------------------------------- commit 8c6371f9f7ff7e54bc204867f809368f3a7f0e17 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 18 14:45:59 2018 +0100 Don't complain and fail about unknown TLSv1.3 PSK identities in s_server An unknown PSK identity could be because its actually a session resumption attempt. Sessions resumptions and external PSKs are indistinguishable so the callbacks need to fail gracefully if they don't recognise the identity. Fixes #7433 Reviewed-by: Tim Hudson <t...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7434) (cherry picked from commit 2d015189b97c60b67e10aed320230357bf6b200f) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 6f2a2ae..ac7dca6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, if (strlen(psk_identity) != identity_len || memcmp(psk_identity, identity, identity_len) != 0) { - BIO_printf(bio_s_out, - "PSK warning: client identity not what we expected" - " (got '%s' expected '%s')\n", identity, psk_identity); + *sess = NULL; + return 1; } if (psksess != NULL) { _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits