summaryrefslogtreecommitdiff
path: root/lib/libssl/ssl_tlsext.c
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2022-06-30 11:18:39 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2022-06-30 11:18:39 +0000
commita63276d6bd58ed58ab0a491443ce65ebccb119ed (patch)
tree5b95779ede631031635db6ab9ca981b840f6e838 /lib/libssl/ssl_tlsext.c
parentab10cdd9cde7ffe69ed950c2543e585db62eb3a3 (diff)
Check whether the security level allows session tickets.
ok beck jsing
Diffstat (limited to 'lib/libssl/ssl_tlsext.c')
-rw-r--r--lib/libssl/ssl_tlsext.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index fc6c11daa62..f103c2253ed 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.115 2022/06/29 17:39:20 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.116 2022/06/30 11:18:38 tb Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1124,6 +1124,9 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0)
return 0;
+ if (!ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL))
+ return 0;
+
if (s->internal->new_session)
return 1;
@@ -1203,7 +1206,8 @@ int
tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
{
return (s->internal->tlsext_ticket_expected &&
- !(SSL_get_options(s) & SSL_OP_NO_TICKET));
+ !(SSL_get_options(s) & SSL_OP_NO_TICKET) &&
+ ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL));
}
int
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 22:46:13 +0000