Don't fail if the PSK identity doesn't match

In 1.1.0 s_server if the PSK identity doesn't match what we have then
a warning is printed and we continue the connection anyway. In 1.1.1,
if TLSv1.3 is used and the identity doesn't match then we abort the
connection. We should really be consistent with the old behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6659)
Matt Caswell 2018-07-06 09:16:51 +01:00
parent 0edb109f97
commit c9d6fdd6f7
1 changed files with 5 additions and 2 deletions

@ -192,8 +192,11 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
const SSL_CIPHER *cipher = NULL;
if (strlen(psk_identity) != identity_len
|| memcmp(psk_identity, identity, identity_len) != 0)
return 0;
|| memcmp(psk_identity, identity, identity_len) != 0) {
BIO_printf(bio_s_out,
"PSK warning: client identity not what we expected"
" (got '%s' expected '%s')\n", identity, psk_identity);
}
if (psksess != NULL) {
SSL_SESSION_up_ref(psksess);
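
Review bot: The new BIO_printf formats `identity` with `%s`, but `identity` is a `const unsigned char *` that the condition just above treats as a length-delimited buffer (`identity_len` with memcmp), so nothing in this hunk guarantees it is NUL-terminated and the print can read past the end of the client-supplied data. Bound the read with the length, for example `"(got '%.*s' expected '%s')\n", (int)identity_len, identity, psk_identity`. The bytes come from the peer and go to bio_s_out unescaped, so consider replacing non-printable characters before writing them to keep control sequences out of the server output. Since a mismatch now falls through to the `psksess` path, a short comment above the warning stating that the identity check is advisory only and the connection is still authenticated by the key would help the next reader.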