Commit af2d06d2 authored by Matt Caswell's avatar Matt Caswell
Browse files

Ignore the status_request extension in a resumption handshake 



We cannot provide a certificate status on a resumption so we should
ignore this extension in that case.

Fixes #1662

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5897)
parent 69712507

ssl/t1_lib.c

+4 −0
Original line number Diff line number Diff line
@@ -2156,6 +2156,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) 
                }

            }

        } else if (type == TLSEXT_TYPE_status_request) {

            /* Ignore this if resuming */

            if (s->hit)

                continue;



            if (!PACKET_get_1(&extension,

                              (unsigned int *)&s->tlsext_status_type)) {

                return 0;