diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2017-06-01 21:01:27 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-06-05 13:54:10 -0400 |
commit | 720b6cbe4a195fc5563be2334e8519a61b82eeef (patch) | |
tree | 428b214dc47a2fba26ea5c9df604fe6fcc1a6ec7 /doc/man1/s_client.pod | |
parent | ae269dd8b72dbed1f2c5f92dbe0fbf5b7b905e7b (diff) | |
download | openssl-720b6cbe4a195fc5563be2334e8519a61b82eeef.tar.gz |
Avoid failing s_server when client's psk_identity is unexpected
s_server has traditionally been very brittle in PSK mode. If the
client offered any PSK identity other than "Client_identity" s_server
would simply abort.
This is breakage for breakage's sake, and unlike most other parts of
s_server, which tend to allow more flexible connections.
This change accomplishes two things:
* when the client's psk_identity does *not* match the identity
expected by the server, just warn, don't fail.
* allow the server to expect instead a different psk_identity from
the client besides "Client_identity"
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3605)
Diffstat (limited to 'doc/man1/s_client.pod')
0 files changed, 0 insertions, 0 deletions