Avoid failing s_server when client's psk_identity is unexpected
s_server has traditionally been very brittle in PSK mode. If the client offered any PSK identity other than "Client_identity" s_server would simply abort. This is breakage for breakage's sake, and unlike most other parts of s_server, which tend to allow more flexible connections. This change accomplishes two things: * when the client's psk_identity does *not* match the identity expected by the server, just warn, don't fail. * allow the server to expect instead a different psk_identity from the client besides "Client_identity" Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3605)
parent
ae269dd8
Please register or sign in to comment