Fix the s_server psk_server_cb for use in DTLS

Commit 0007ff257c added a protocol version check to psk_server_cb but failed to take account of DTLS causing DTLS based psk connections to fail. Fixes #16707 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/16838)
2021-10-14 17:31:36 +01:00 · 2021-10-14 17:31:36 +01:00 · 8b09a9c76d
parent f11c01a666
commit 8b09a9c76d
1 changed files with 5 additions and 5 deletions
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -131,12 +131,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
    if (s_debug)
        BIO_printf(bio_s_out, "psk_server_cb\n");

-    if (SSL_version(ssl) >= TLS1_3_VERSION) {
+    if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) {
        /*
-         * This callback is designed for use in TLSv1.2. It is possible to use
-         * a single callback for all protocol versions - but it is preferred to
-         * use a dedicated callback for TLSv1.3. For TLSv1.3 we have
-         * psk_find_session_cb.
+         * This callback is designed for use in (D)TLSv1.2 (or below). It is
+         * possible to use a single callback for all protocol versions - but it
+         * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we
+         * have psk_find_session_cb.
         */
        return 0;
    }