Commit 8c6371f9 authored Oct 18, 2018 by Matt Caswell

Don't complain and fail about unknown TLSv1.3 PSK identities in s_server



An unknown PSK identity could be because its actually a session resumption
attempt. Sessions resumptions and external PSKs are indistinguishable so
the callbacks need to fail gracefully if they don't recognise the identity.

Fixes #7433

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7434)

(cherry picked from commit 2d015189b97c60b67e10aed320230357bf6b200f)

parent d1bfd807

apps/s_server.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL ssl, const unsigned char identity,

		if (strlen(psk_identity) != identity_len
		\|\| memcmp(psk_identity, identity, identity_len) != 0) {
		BIO_printf(bio_s_out,
		"PSK warning: client identity not what we expected"
		" (got '%s' expected '%s')\n", identity, psk_identity);
		*sess = NULL;
		return 1;
		}

		if (psksess != NULL) {