summaryrefslogtreecommitdiffstats
path: root/lib/libssl/tls13_client.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/tls13_client.c')
-rw-r--r--lib/libssl/tls13_client.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 79318d93135..aab83dcc692 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.54 2020/04/28 20:37:22 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.55 2020/05/09 15:05:50 beck Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -550,13 +550,13 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
int
tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
{
- CBS cert_request_context, cert_list, cert_data, cert_exts;
+ CBS cert_request_context, cert_list, cert_data;
struct stack_st_X509 *certs = NULL;
SSL *s = ctx->ssl;
X509 *cert = NULL;
EVP_PKEY *pkey;
const uint8_t *p;
- int cert_idx;
+ int cert_idx, alert_desc;
int ret = 0;
if ((certs = sk_X509_new_null()) == NULL)
@@ -572,8 +572,12 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
while (CBS_len(&cert_list) > 0) {
if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
goto err;
- if (!CBS_get_u16_length_prefixed(&cert_list, &cert_exts))
+
+ if (!tlsext_client_parse(ctx->ssl, &cert_list, &alert_desc,
+ SSL_TLSEXT_MSG_CT)) {
+ ctx->alert = alert_desc;
goto err;
+ }
p = CBS_data(&cert_data);
if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)
@@ -628,6 +632,10 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
s->session->peer = cert;
s->session->verify_result = s->verify_result;
+ if (ctx->ocsp_status_recv_cb != NULL &&
+ !ctx->ocsp_status_recv_cb(ctx))
+ goto err;
+
ret = 1;
err:
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.