Check whether the security level allows session tickets.

ok beck jsing
author: tb <> 2022-06-30 11:18:38 +0000
committer: tb <> 2022-06-30 11:18:38 +0000
commit: d4cf4432044589137756086ce6c52b4b13b7f563 (patch)
tree: 565a787539717391de8deb928753a351878c6b39 /src
parent: 5f574489be242a7d86373038f340aaf574a0b228 (diff)
download: openbsd-d4cf4432044589137756086ce6c52b4b13b7f563.tar.gz
openbsd-d4cf4432044589137756086ce6c52b4b13b7f563.tar.bz2
openbsd-d4cf4432044589137756086ce6c52b4b13b7f563.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index fc6c11daa6..f103c2253e 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.115 2022/06/29 17:39:20 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.116 2022/06/30 11:18:38 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1124,6 +1124,9 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
        if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0)
                return 0;
+        if (!ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL))
+                return 0;
        if (s->internal->new_session)
                return 1;
@@ -1203,7 +1206,8 @@ int
 tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
 {
        return (s->internal->tlsext_ticket_expected &&
-            !(SSL_get_options(s) & SSL_OP_NO_TICKET));
+            !(SSL_get_options(s) & SSL_OP_NO_TICKET) &&
+            ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL));
 }
 int
author	tb <>	2022-06-30 11:18:38 +0000
committer	tb <>	2022-06-30 11:18:38 +0000
commit	d4cf4432044589137756086ce6c52b4b13b7f563 (patch)
tree	565a787539717391de8deb928753a351878c6b39 /src
parent	5f574489be242a7d86373038f340aaf574a0b228 (diff)
download	openbsd-d4cf4432044589137756086ce6c52b4b13b7f563.tar.gz openbsd-d4cf4432044589137756086ce6c52b4b13b7f563.tar.bz2 openbsd-d4cf4432044589137756086ce6c52b4b13b7f563.zip