diff options
| author | beck <> | 2016-11-02 17:35:10 +0000 |
|---|---|---|
| committer | beck <> | 2016-11-02 17:35:10 +0000 |
| commit | 934ce95782b4bd2661634178fa37d7d852cec066 (patch) | |
| tree | a977adb4d19f7aaba9ca82a5597211dcbb4a06f8 /src | |
| parent | 7f3dde9cdc415f9a66486001377d723ce4500622 (diff) | |
| download | openbsd-934ce95782b4bd2661634178fa37d7d852cec066.tar.gz openbsd-934ce95782b4bd2661634178fa37d7d852cec066.tar.bz2 openbsd-934ce95782b4bd2661634178fa37d7d852cec066.zip | |
Ensure handshake is complete before processing an ocsp response for a ctx
ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libtls/tls_ocsp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index 113ab0dd3d..0a3d50759f 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c | |||
| @@ -386,6 +386,9 @@ tls_ocsp_process_response(struct tls *ctx, const unsigned char *response, | |||
| 386 | int ret; | 386 | int ret; |
| 387 | OCSP_RESPONSE *resp; | 387 | OCSP_RESPONSE *resp; |
| 388 | 388 | ||
| 389 | if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) | ||
| 390 | return -1; | ||
| 391 | |||
| 389 | resp = d2i_OCSP_RESPONSE(NULL, &response, size); | 392 | resp = d2i_OCSP_RESPONSE(NULL, &response, size); |
| 390 | if (resp == NULL) { | 393 | if (resp == NULL) { |
| 391 | tls_ocsp_ctx_free(ctx->ocsp_ctx); | 394 | tls_ocsp_ctx_free(ctx->ocsp_ctx); |