RFC 6066 section 8 allows the server MAY choose not send the CertificateStatus

message, even if it has received a "status_request" extension in the client hello message and has sent a "status_request" extention in the server hello message. Genua found a site that is this broken. This makes it work. ok jsing@
author: beck <> 2021-09-02 08:51:56 +0000
committer: beck <> 2021-09-02 08:51:56 +0000
commit: 032a922b0ec803ebabe7fc26e2ff44d5f29b799b (patch)
tree: 7862c94649f8ca7fb3ff75b1dea8b4356fe54c37 /src/lib
parent: 8ba36b11f23621d3529492cb644624eeca25b1f9 (diff)
download: openbsd-032a922b0ec803ebabe7fc26e2ff44d5f29b799b.tar.gz
openbsd-032a922b0ec803ebabe7fc26e2ff44d5f29b799b.tar.bz2
openbsd-032a922b0ec803ebabe7fc26e2ff44d5f29b799b.zip
1 files changed, 37 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 519e823354..7ceb866573 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.108 2021/08/30 19:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.109 2021/09/02 08:51:56 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1839,11 +1839,45 @@ ssl3_get_cert_status(SSL *s)
        uint8_t                  status_type;
        n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
-            SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
+            SSL3_ST_CR_CERT_STATUS_B, -1, 16384, &ok);
-            16384, &ok);
        if (!ok)
                return ((int)n);
+        if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                /*
+                 * Tell the callback the server did not send us an OSCP
+                 * response, and has decided to head directly to key exchange.
+                 */
+                if (s->ctx->internal->tlsext_status_cb) {
+                        int ret;
+                        free(s->internal->tlsext_ocsp_resp);
+                        s->internal->tlsext_ocsp_resp = NULL;
+                        s->internal->tlsext_ocsp_resp_len = 0;
+                        ret = s->ctx->internal->tlsext_status_cb(s,
+                            s->ctx->internal->tlsext_status_arg);
+                        if (ret == 0) {
+                                al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+                                SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
+                                goto fatal_err;
+                        }
+                        if (ret < 0) {
+                                al = SSL_AD_INTERNAL_ERROR;
+                                SSLerror(s, ERR_R_MALLOC_FAILURE);
+                                goto fatal_err;
+                        }
+                }
+                S3I(s)->hs.tls12.reuse_message = 1;
+                return (1);
+        }
+        if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
+                goto fatal_err;
+        }
        if (n < 0) {
                /* need at least status type + length */
                al = SSL_AD_DECODE_ERROR;
author	beck <>	2021-09-02 08:51:56 +0000
committer	beck <>	2021-09-02 08:51:56 +0000
commit	032a922b0ec803ebabe7fc26e2ff44d5f29b799b (patch)
tree	7862c94649f8ca7fb3ff75b1dea8b4356fe54c37 /src/lib
parent	8ba36b11f23621d3529492cb644624eeca25b1f9 (diff)
download	openbsd-032a922b0ec803ebabe7fc26e2ff44d5f29b799b.tar.gz openbsd-032a922b0ec803ebabe7fc26e2ff44d5f29b799b.tar.bz2 openbsd-032a922b0ec803ebabe7fc26e2ff44d5f29b799b.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 519e823354..7ceb866573 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.108 2021/08/30 19:25:43 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.109 2021/09/02 08:51:56 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1839,11 +1839,45 @@ ssl3_get_cert_status(SSL *s)
1839	uint8_t status_type;	1839	uint8_t status_type;
1840		1840
1841	n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,	1841	n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
1842	SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,	1842	SSL3_ST_CR_CERT_STATUS_B, -1, 16384, &ok);
1843	16384, &ok);
1844	if (!ok)	1843	if (!ok)
1845	return ((int)n);	1844	return ((int)n);
1846		1845
		1846	if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
		1847	/*
		1848	* Tell the callback the server did not send us an OSCP
		1849	* response, and has decided to head directly to key exchange.
		1850	*/
		1851	if (s->ctx->internal->tlsext_status_cb) {
		1852	int ret;
		1853
		1854	free(s->internal->tlsext_ocsp_resp);
		1855	s->internal->tlsext_ocsp_resp = NULL;
		1856	s->internal->tlsext_ocsp_resp_len = 0;
		1857
		1858	ret = s->ctx->internal->tlsext_status_cb(s,
		1859	s->ctx->internal->tlsext_status_arg);
		1860	if (ret == 0) {
		1861	al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
		1862	SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
		1863	goto fatal_err;
		1864	}
		1865	if (ret < 0) {
		1866	al = SSL_AD_INTERNAL_ERROR;
		1867	SSLerror(s, ERR_R_MALLOC_FAILURE);
		1868	goto fatal_err;
		1869	}
		1870	}
		1871	S3I(s)->hs.tls12.reuse_message = 1;
		1872	return (1);
		1873	}
		1874
		1875	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
		1876	al = SSL_AD_UNEXPECTED_MESSAGE;
		1877	SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
		1878	goto fatal_err;
		1879	}
		1880
1847	if (n < 0) {	1881	if (n < 0) {
1848	/* need at least status type + length */	1882	/* need at least status type + length */
1849	al = SSL_AD_DECODE_ERROR;	1883	al = SSL_AD_DECODE_ERROR;