diff options
| author | tb <> | 2020-08-03 19:46:55 +0000 |
|---|---|---|
| committer | tb <> | 2020-08-03 19:46:55 +0000 |
| commit | 6f5846d4f3f7e62754cb323247d834dc7b41374c (patch) | |
| tree | c9b0696383a6256dd9a8d73fcb242c2b6f7724f2 /src | |
| parent | b93f3e3ae34136250d6b92c4f5ec53c979356419 (diff) | |
| download | openbsd-6f5846d4f3f7e62754cb323247d834dc7b41374c.tar.gz openbsd-6f5846d4f3f7e62754cb323247d834dc7b41374c.tar.bz2 openbsd-6f5846d4f3f7e62754cb323247d834dc7b41374c.zip | |
Only parse a client's status_request in the CH
A client should only send a status_request as part of the CH.
Pointed out by Michael Forney
ok inoguchi jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 920d026fff..f3078f3efe 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.80 2020/08/03 19:43:16 tb Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.81 2020/08/03 19:46:55 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -914,6 +914,9 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 914 | uint8_t status_type; | 914 | uint8_t status_type; |
| 915 | int ret = 0; | 915 | int ret = 0; |
| 916 | 916 | ||
| 917 | if (msg_type != SSL_TLSEXT_MSG_CH) | ||
| 918 | goto err; | ||
| 919 | |||
| 917 | if (!CBS_get_u8(cbs, &status_type)) | 920 | if (!CBS_get_u8(cbs, &status_type)) |
| 918 | goto err; | 921 | goto err; |
| 919 | if (status_type != TLSEXT_STATUSTYPE_ocsp) { | 922 | if (status_type != TLSEXT_STATUSTYPE_ocsp) { |