projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 12fca1a)
Do not print extensions in Certificate message for TLS1.2 and lower
authorDaniil Zotkin <zotkin@rutoken.ru>
Tue, 24 Sep 2019 08:08:23 +0000 (11:08 +0300)
committerPauli <paul.dale@oracle.com>
Thu, 3 Oct 2019 00:29:49 +0000 (10:29 +1000)
According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9994)

ssl/t1_trce.c patch | blob | history

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index a2cb4f7385aa897d85cefe8513565f74d485ffa8..c55c172b88b1cc2117d8890159493176d766d31b 100644 (file)
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1242,8 +1242,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
     while (clen > 0) {
         if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
             return 0;
-        if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
-                                  &msg, &clen))
+        if (SSL_IS_TLS13(ssl)
+            && !ssl_print_extensions(bio, indent + 2, server,
+                                     SSL3_MT_CERTIFICATE, &msg, &clen))
             return 0;
 
     }
Unnamed repository; edit this file 'description' to name the repository.