Google Git
Sign in
flutter / third_party / openssl / 720b6cbe4a195fc5563be2334e8519a61b82eeef
commit720b6cbe4a195fc5563be2334e8519a61b82eeef[log] [tgz]
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>Thu Jun 01 21:01:27 2017 -0400
committerRich Salz <rsalz@openssl.org>Mon Jun 05 13:54:10 2017 -0400
tree428b214dc47a2fba26ea5c9df604fe6fcc1a6ec7
parentae269dd8b72dbed1f2c5f92dbe0fbf5b7b905e7b [diff]
Avoid failing s_server when client's psk_identity is unexpected

s_server has traditionally been very brittle in PSK mode.  If the
client offered any PSK identity other than "Client_identity" s_server
would simply abort.

This is breakage for breakage's sake, and unlike most other parts of
s_server, which tend to allow more flexible connections.

This change accomplishes two things:

 * when the client's psk_identity does *not* match the identity
   expected by the server, just warn, don't fail.

 * allow the server to expect instead a different psk_identity from
   the client besides "Client_identity"

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3605)
2 files changed
tree: 428b214dc47a2fba26ea5c9df604fe6fcc1a6ec7
  1. .github/
  2. apps/
  3. Configurations/
  4. crypto/
  5. demos/
  6. doc/
  7. engines/
  8. external/
  9. fuzz/
  10. include/
  11. ms/
  12. os-dep/
  13. ssl/
  14. test/
  15. tools/
  16. util/
  17. VMS/
  18. boringssl
  19. krb5
  20. pyca-cryptography
  21. .gitattributes
  22. .gitignore
  23. .gitmodules
  24. .travis-create-release.sh
  25. .travis.yml
  26. ACKNOWLEDGEMENTS
  27. appveyor.yml
  28. AUTHORS
  29. build.info
  30. CHANGES
  31. config
  32. config.com
  33. Configure
  34. CONTRIBUTING
  35. e_os.h
  36. FAQ
  37. INSTALL
  38. LICENSE
  39. Makefile.shared
  40. NEWS
  41. NOTES.DJGPP
  42. NOTES.PERL
  43. NOTES.UNIX
  44. NOTES.VMS
  45. NOTES.WIN
  46. README
  47. README.ECC
  48. README.ENGINE
  49. README.FIPS