aboutsummaryrefslogtreecommitdiff
path: root/ssl/statem/statem_lib.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2021-02-16 19:54:02 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2021-02-16 19:54:02 +0000
commit4f55bd5321b72491d4eff396e4928e9ab0706735 (patch)
tree46adf486ba58f712ebd071b5d2dbeda04c45833b /ssl/statem/statem_lib.c
parentc25134eb4f5842c16f8f372a1e28849794d70883 (diff)
downloadsrc-4f55bd5321b72491d4eff396e4928e9ab0706735.tar.gz
src-4f55bd5321b72491d4eff396e4928e9ab0706735.zip
Import OpenSSL 1.1.1j.vendor/openssl/1.1.1j
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r--ssl/statem/statem_lib.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 364f77f08a4e..c3b6f8f4569a 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1504,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
/*
* Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK or a certificate callback configured. Otherwise
- * returns 0.
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configured. Otherwise returns 0.
*/
static int is_tls13_capable(const SSL *s)
{
@@ -1515,6 +1515,17 @@ static int is_tls13_capable(const SSL *s)
EC_KEY *eckey;
#endif
+ if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+ return 0;
+
+ /*
+ * A servername callback can change the available certs, so if a servername
+ * cb is set then we just assume TLSv1.3 will be ok
+ */
+ if (s->ctx->ext.servername_cb != NULL
+ || s->session_ctx->ext.servername_cb != NULL)
+ return 1;
+
#ifndef OPENSSL_NO_PSK
if (s->psk_server_callback != NULL)
return 1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 05:43:51 +0000