Don't send a status_request extension in a CertificateRequest message
If a TLSv1.3 server configured to respond to the status_request extension also attempted to send a CertificateRequest then it was incorrectly inserting a non zero length status_request extension into that message. The TLSv1.3 RFC does allow that extension in that message but it must always be zero length. In fact we should not be sending the extension at all in that message because we don't support it. Fixes #9767 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9780) (cherry picked from commit debb64a0ca43969eb3f043aa8895a4faa7f12b6e)
parent
5d163466
Please register or sign in to comment