authorDr. Stephen Henson <steve@openssl.org>2015-09-14 17:58:04 +0100
committerDr. Stephen Henson <steve@openssl.org>2015-09-14 19:52:27 +0100
commitdf6da24bda457b724ba3e894e6c329a9b93d536f (patch)
tree3296a79122416d0d6dd31c6268ad6c92ba2fa2f1 /ssl/s3_srvr.c
parentaabd49232025807babe995006a46c4c7815ce868 (diff)
Fix PSK identity hint handling.
For server use a PSK identity hint value in the CERT structure which is inherited when SSL_new is called and which allows applications to set hints on a per-SSL basis. The previous version of SSL_use_psk_identity_hint tried (wrongly) to use the SSL_SESSION structure. PR#4039 Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r--ssl/s3_srvr.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ec09840d5b..e864ad1580 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -444,7 +444,7 @@ int ssl3_accept(SSL *s)
*/
#ifndef OPENSSL_NO_PSK
/* Only send SKE if we have identity hint for plain PSK */
- || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) && s->ctx->psk_identity_hint)
+ || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) && s->cert->psk_identity_hint)
/* For other PSK always send SKE */
|| (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
#endif
@@ -1708,8 +1708,8 @@ int ssl3_send_server_key_exchange(SSL *s)
* reserve size for record length and PSK identity hint
*/
n += 2;
- if (s->ctx->psk_identity_hint)
- n += strlen(s->ctx->psk_identity_hint);
+ if (s->cert->psk_identity_hint)
+ n += strlen(s->cert->psk_identity_hint);
}
/* Plain PSK or RSAPSK nothing to do */
if (type & (SSL_kPSK | SSL_kRSAPSK)) {
@@ -1991,11 +1991,11 @@ int ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (type & SSL_PSK) {
/* copy PSK identity hint */
- if (s->ctx->psk_identity_hint) {
- s2n(strlen(s->ctx->psk_identity_hint), p);
- strncpy((char *)p, s->ctx->psk_identity_hint,
- strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
+ if (s->cert->psk_identity_hint) {
+ s2n(strlen(s->cert->psk_identity_hint), p);
+ strncpy((char *)p, s->cert->psk_identity_hint,
+ strlen(s->cert->psk_identity_hint));
+ p += strlen(s->cert->psk_identity_hint);
} else {
s2n(0, p);
}
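Review bot: The copy at `strncpy((char *)p, s->cert->psk_identity_hint, strlen(s->cert->psk_identity_hint))` is bounded by the source's own length, so it behaves as a plain memcpy and does nothing to keep the write inside the output buffer; the write stays in range only because the reservation `n += strlen(s->cert->psk_identity_hint)` in the -1708 hunk computed the same value. The hint is also measured four times in this branch, and its length goes through `s2n`, which stores two bytes, so a hint longer than 0xFFFF would get a truncated length prefix while every byte is still copied; presumably the setter caps the length, but that is outside this diff and worth checking or asserting at this point. I would take the length once, `size_t hint_len = strlen(s->cert->psk_identity_hint);`, and then write `s2n(hint_len, p); memcpy(p, s->cert->psk_identity_hint, hint_len); p += hint_len;`. The body of ssl3_send_server_key_exchange starts and ends outside the hunk.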