Don't complain and fail about unknown TLSv1.3 PSK identities in s_server

An unknown PSK identity could be because its actually a session resumption attempt. Sessions resumptions and external PSKs are indistinguishable so the callbacks need to fail gracefully if they don't recognise the identity. Fixes #7433 Reviewed-by: N Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7434)

Don't complain and fail about unknown TLSv1.3 PSK identities in s_server
An unknown PSK identity could be because its actually a session resumption attempt. Sessions resumptions and external PSKs are indistinguishable so the callbacks need to fail gracefully if they don't recognise the identity. Fixes #7433 Reviewed-by: N Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7434)
2d015189 · Matt Caswell · 079ef6bd · 2d015189
隐藏空白更改
内联并排

Showing with 2 addition and 3 deletion

apps/s_server.c apps/s_server.c +2 -3

未找到文件。
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,

    if (strlen(psk_identity) != identity_len
            || memcmp(psk_identity, identity, identity_len) != 0) {
-        BIO_printf(bio_s_out,
-                   "PSK warning: client identity not what we expected"
-                   " (got '%s' expected '%s')\n", identity, psk_identity);
+        *sess = NULL;
+        return 1;
    }

    if (psksess != NULL) {