wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ensure certificate callbacks work correctly in TLSv1.3

Browse source 
The is_tls13_capable() function should not return 0 if no certificates
are configured directly because a certificate callback is present.

Fixes #7140

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7141)
This commit is contained in:
Matt Caswell 2018-09-06 15:53:25 +01:00
parent 7789055376
commit cd3b53b8f8
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ssl/statem/statem_lib.c
View file

@ -1489,7 +1489,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
/*
* Only called by servers. Returns 1 if the server has a TLSv1.3 capable
* certificate type, or has PSK configured. Otherwise returns 0.
* certificate type, or has PSK or a certificate callback configured. Otherwise
* returns 0.
*/
static int is_tls13_capable(const SSL *s)
{
@ -1500,7 +1501,7 @@ static int is_tls13_capable(const SSL *s)
return 1;
#endif
if (s->psk_find_session_cb != NULL)
if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL)
return 1;
for (i = 0; i < SSL_PKEY_NUM; i++) {