mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Do not print extensions in Certificate message for TLS1.2 and lower

Browse Source 
According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9994)
This commit is contained in:
Daniil Zotkin 2019-09-24 11:08:23 +03:00 committed by Pauli
parent 12fca1afd2
commit 65c76cd2c9
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/t1_trce.c
View File

@ -1242,8 +1242,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
while (clen > 0) {
if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
return 0;
if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
&msg, &clen))
if (SSL_IS_TLS13(ssl)
&& !ssl_print_extensions(bio, indent + 2, server,
SSL3_MT_CERTIFICATE, &msg, &clen))
return 0;
}