wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SSL_get_peer_cert_chain() does not work after a resumption

Browse source 
After a resumption it is documented that SSL_get_peer_cert_chain() will
return NULL. In BoringSSL it still returns the chain. We don't support that
so we should update the shim to call SSL_get_peer_certificate() instead
when checking whether a peer certificate is available.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
This commit is contained in:
Matt Caswell 2017-03-14 17:27:46 +00:00
parent e29d7cea33
commit 162e120711
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
test/ossl_shim/ossl_shim.cc
View file

@ -857,7 +857,7 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
return false; return false;
} }
} else if (!config->is_server || config->require_any_client_certificate) { } else if (!config->is_server || config->require_any_client_certificate) {
if (SSL_get_peer_cert_chain(ssl) == nullptr) { if (SSL_get_peer_certificate(ssl) == nullptr) {
fprintf(stderr, "Received no peer certificate but expected one.\n"); fprintf(stderr, "Received no peer certificate but expected one.\n");
return false; return false;
} }