diff options
| author | beck <> | 2016-11-02 17:35:10 +0000 |
|---|---|---|
| committer | beck <> | 2016-11-02 17:35:10 +0000 |
| commit | 691c7a7f036fe91e54e6836e18ee2e0e172ebec5 (patch) | |
| tree | a977adb4d19f7aaba9ca82a5597211dcbb4a06f8 | |
| parent | 0f65ac7410a04163944f71c65b060203c2216fc0 (diff) | |
| download | openbsd-691c7a7f036fe91e54e6836e18ee2e0e172ebec5.tar.gz openbsd-691c7a7f036fe91e54e6836e18ee2e0e172ebec5.tar.bz2 openbsd-691c7a7f036fe91e54e6836e18ee2e0e172ebec5.zip | |
Ensure handshake is complete before processing an ocsp response for a ctx
ok jsing@
| -rw-r--r-- | src/lib/libtls/tls_ocsp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index 113ab0dd3d..0a3d50759f 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c | |||
| @@ -386,6 +386,9 @@ tls_ocsp_process_response(struct tls *ctx, const unsigned char *response, | |||
| 386 | int ret; | 386 | int ret; |
| 387 | OCSP_RESPONSE *resp; | 387 | OCSP_RESPONSE *resp; |
| 388 | 388 | ||
| 389 | if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) | ||
| 390 | return -1; | ||
| 391 | |||
| 389 | resp = d2i_OCSP_RESPONSE(NULL, &response, size); | 392 | resp = d2i_OCSP_RESPONSE(NULL, &response, size); |
| 390 | if (resp == NULL) { | 393 | if (resp == NULL) { |
| 391 | tls_ocsp_ctx_free(ctx->ocsp_ctx); | 394 | tls_ocsp_ctx_free(ctx->ocsp_ctx); |