Do not print extensions in Certificate message for TLS1.2 and lower

According to RFC8446 CertificateEntry in Certificate message contains extensions that were not present in the Certificate message in RFC5246. CLA: trivial Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9994) (cherry picked from commit 65c76cd2c9e8da9468dd490b334e56c51dbef582)

Do not print extensions in Certificate message for TLS1.2 and lower
According to RFC8446 CertificateEntry in Certificate message contains extensions that were not present in the Certificate message in RFC5246. CLA: trivial Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9994) (cherry picked from commit 65c76cd2c9e8da9468dd490b334e56c51dbef582)
51f879a3 · Daniil Zotkin · Pauli · 9e274764 · 51f879a3
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

ssl/t1_trce.c ssl/t1_trce.c +3 -2

未找到文件。
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1246,8 +1246,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
    while (clen > 0) {
        if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
            return 0;
-        if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
+        if (SSL_IS_TLS13(ssl)
-                                  &msg, &clen))
+            && !ssl_print_extensions(bio, indent + 2, server,
+                                     SSL3_MT_CERTIFICATE, &msg, &clen))
            return 0;
    }