Commit 1084fc8f authored by Matt Caswell's avatar Matt Caswell
Browse files

Ignore the status_request extension in a resumption handshake 



We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.

Fixes #1662

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5898)
parent 349a41da

ssl/t1_lib.c

+1 −2
Original line number Diff line number Diff line
@@ -2408,8 +2408,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, 
                goto err;

            if (!tls1_save_sigalgs(s, data, dsize))

                goto err;

        } else if (type == TLSEXT_TYPE_status_request) {



        } else if (type == TLSEXT_TYPE_status_request && !s->hit) {

            if (size < 5)

                goto err;