author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-04-07 21:16:48 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-04-07 21:16:48 +0100 |
commit | d95313eb794f13bf43af3f0cbcc31491a5091fd2 (patch) | |
tree | 283791f3afd7c3e899e773c1757ae0a848e9dee4 /src | |
parent | 6259ba7148cd408d4704850c206dfc2248d2d1cc (diff) |
Openssl client: ocsp stapling on resumed session
Diffstat (limited to 'src')
-rw-r--r-- | src/src/tls-openssl.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7bf62f504..ab3b636a3 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2417,8 +2417,12 @@ int i;
 DEBUG(D_tls) debug_printf("Received TLS status callback (OCSP stapling):\n");
 len = SSL_get_tlsext_status_ocsp_resp(s, &p);
 if(!p)
- {
- /* Expect this when we requested ocsp but got none */
+ { /* Expect this when we requested ocsp but got none */
+ if (SSL_session_reused(s) && tls_out.ocsp == OCSP_VFIED)
+ {
+ DEBUG(D_tls) debug_printf(" null, but resumed; ocsp vfy stored with session is good\n");
+ return 1;
+ }
 if (cbinfo->u_ocsp.client.verify_required && LOGGING(tls_cipher))
 log_write(0, LOG_MAIN, "Required TLS certificate status not received");
 else
@@ -3658,22 +3662,19 @@ if (tlsp->host_resumable)
 DEBUG(D_tls) debug_printf("session expired\n");
 dbfn_delete(dbm_file, key);
 }
- else if (!SSL_set_session(ssl, ss))
- {
- DEBUG(D_tls)
- {
- ERR_error_string_n(ERR_get_error(),
- ssl_errstring, sizeof(ssl_errstring));
- debug_printf("applying session to ssl: %s\n", ssl_errstring);
- }
- }
- else
+ else if (SSL_set_session(ssl, ss))
 {
 DEBUG(D_tls) debug_printf("good session\n");
 tlsp->resumption |= RESUME_CLIENT_SUGGESTED;
 tlsp->verify_override = dt->verify_override;
 tlsp->ocsp = dt->ocsp;
 }
+ else DEBUG(D_tls)
+ {
+ ERR_error_string_n(ERR_get_error(),
+ ssl_errstring, sizeof(ssl_errstring));
+ debug_printf("applying session to ssl: %s\n", ssl_errstring);
+ }
 }
 }
 else
|
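Review bot: The new early return inside the `if(!p)` branch accepts a resumed session purely on `tls_out.ocsp == OCSP_VFIED`, a verdict recorded when the session was first cached, and nothing in the hunk bounds that trust by the stapled response's own validity window; only the session-cache expiry (the `session expired` path in the second hunk) appears to limit how long a since-revoked certificate would keep passing on resumption. That trade-off should be stated at the return, e.g. `/* Trust the OCSP verdict stored with the cached session; it is bounded by the session-cache expiry, not by the stapled response's nextUpdate */`. The check also reads the global `tls_out` while the rest of the callback reaches connection state through `cbinfo`; if this callback can ever run for a connection whose state is not `tls_out`, the field should be taken from `cbinfo` instead — confirm against the callers. The enclosing callback starts and ends outside the hunk.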
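Review bot: `tlsp->ocsp = dt->ocsp` copies the cached OCSP verdict into the live connection state at the moment the session is merely suggested, before the server has agreed to resume; if the server runs a full handshake instead, that value stays in place until something later overwrites it, and the hunk shows nothing that clears it. The stapling callback's `SSL_session_reused()` gate is presumably what keeps a stale `OCSP_VFIED` from being trusted in that case, so the dependency deserves a comment here, e.g. `/* Restored verdict is only honoured by the stapling callback if the server actually resumes */`. The `else DEBUG(D_tls) { ... }` form relies on DEBUG expanding to an `if`, which is this file's idiom but reads as a dangling else at first glance; keeping the braces around the DEBUG block as the removed lines did would be clearer. The enclosing function starts and ends outside the hunk.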