author | Jung-uk Kim <jkim@FreeBSD.org> | 2021-02-16 19:54:02 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2021-02-16 19:54:02 +0000 |
commit | 4f55bd5321b72491d4eff396e4928e9ab0706735 (patch) | |
tree | 46adf486ba58f712ebd071b5d2dbeda04c45833b /ssl/statem/statem_lib.c | |
parent | c25134eb4f5842c16f8f372a1e28849794d70883 (diff) | |
Import OpenSSL 1.1.1j. vendor/openssl/1.1.1j
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r-- | ssl/statem/statem_lib.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 364f77f08a4e..c3b6f8f4569a 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1504,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
 /*
 * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK or a certificate callback configured. Otherwise
- * returns 0.
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configured. Otherwise returns 0.
 */
 static int is_tls13_capable(const SSL *s)
 {
@@ -1515,6 +1515,17 @@ static int is_tls13_capable(const SSL *s)
 EC_KEY *eckey;
 #endif
+ if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+ return 0;
+
+ /*
+ * A servername callback can change the available certs, so if a servername
+ * cb is set then we just assume TLSv1.3 will be ok
+ */
+ if (s->ctx->ext.servername_cb != NULL
+ || s->session_ctx->ext.servername_cb != NULL)
+ return 1;
+
 #ifndef OPENSSL_NO_PSK
 if (s->psk_server_callback != NULL)
 return 1; |
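Review bot: The early `return 0` on a failed `ossl_assert` in is_tls13_capable() reports a broken internal invariant with the same value as "no TLSv1.3-capable credential". In builds where ossl_assert does not abort, a NULL `ctx` or `session_ctx` would therefore apparently just take TLSv1.3 out of consideration instead of surfacing an error. The caller is outside the hunk, so how a 0 is handled there should be confirmed. A comment on that branch would make the choice explicit, e.g. `/* Should not happen; report "not TLSv1.3 capable" rather than dereference NULL below */`. The servername shortcut likewise returns 1 before any certificate is examined, so its comment could add that a callback which never selects a TLSv1.3-usable certificate presumably leaves the failure to a later handshake stage; this is inferred, since the rest of the function body is not in the hunk.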