diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2016-11-02 17:35:11 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2016-11-02 17:35:11 +0000 |
| commit | e2b4fad880e2037837d35a2df549f0478946b3c2 (patch) | |
| tree | a1dd162d4ef3dcfff1984d23df916bcafb1fd26d /lib/libtls/tls_ocsp.c | |
| parent | 6bbc53c1924b5c1646cc4592ee9382afb565a1fa (diff) | |
Ensure handshake is complete before processing an ocsp response for a ctx
ok jsing@
Diffstat (limited to 'lib/libtls/tls_ocsp.c')
| -rw-r--r-- | lib/libtls/tls_ocsp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c index 113ab0dd3dc..0a3d50759fe 100644 --- a/lib/libtls/tls_ocsp.c +++ b/lib/libtls/tls_ocsp.c @@ -386,6 +386,9 @@ tls_ocsp_process_response(struct tls *ctx, const unsigned char *response, int ret; OCSP_RESPONSE *resp; + if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) + return -1; + resp = d2i_OCSP_RESPONSE(NULL, &response, size); if (resp == NULL) { tls_ocsp_ctx_free(ctx->ocsp_ctx); |