openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

s_server: warn about NO PSK identity hint in TLSv1.3 

There is NO PSK identity hint in TLSv1.3 so output a warning message
when inconsistent PSK / TLS options are mixed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11322)
This commit is contained in:
EasySec 2020-03-12 14:38:38 +01:00 committed by Tomas Mraz
parent 22e27978b2
commit 9a1c170d63
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/s_server.c
View File

@ -2093,10 +2093,16 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
}
if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
BIO_printf(bio_err, "error setting PSK identity hint to context\n");
ERR_print_errors(bio_err);
goto end;
if (psk_identity_hint != NULL) {
if (min_version == TLS1_3_VERSION) {
BIO_printf(bio_s_out, "PSK warning: there is NO identity hint in TLSv1.3\n");
} else {
if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
BIO_printf(bio_err, "error setting PSK identity hint to context\n");
ERR_print_errors(bio_err);
goto end;
}
}
}
#endif
if (psksessf != NULL) {