authorJeremy Harris <jgh146exb@wizmail.org>2022-04-07 21:16:48 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2022-04-07 21:16:48 +0100
commitd95313eb794f13bf43af3f0cbcc31491a5091fd2 (patch)
tree283791f3afd7c3e899e773c1757ae0a848e9dee4 /src
parent6259ba7148cd408d4704850c206dfc2248d2d1cc (diff)
Openssl client: ocsp stapling on resumed session
Diffstat (limited to 'src')
-rw-r--r--src/src/tls-openssl.c25
1 files changed, 13 insertions, 12 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7bf62f504..ab3b636a3 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2417,8 +2417,12 @@ int i;
DEBUG(D_tls) debug_printf("Received TLS status callback (OCSP stapling):\n");
len = SSL_get_tlsext_status_ocsp_resp(s, &p);
if(!p)
- {
- /* Expect this when we requested ocsp but got none */
+ { /* Expect this when we requested ocsp but got none */
+ if (SSL_session_reused(s) && tls_out.ocsp == OCSP_VFIED)
+ {
+ DEBUG(D_tls) debug_printf(" null, but resumed; ocsp vfy stored with session is good\n");
+ return 1;
+ }
if (cbinfo->u_ocsp.client.verify_required && LOGGING(tls_cipher))
log_write(0, LOG_MAIN, "Required TLS certificate status not received");
else
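Review bot: The new early `return 1` accepts a resumed session that carries no stapled response purely on the cached `tls_out.ocsp == OCSP_VFIED` verdict, and nothing in this hunk bounds how old that verdict is. A certificate revoked after the original handshake would therefore keep passing, even where `verify_required` is set, until the cached session is discarded; the only limit visible in this patch is the session-expiry test in the second hunk. If that is the intended trade-off it should be stated at the branch, e.g. `/* Resumed: no staple arrives, so rely on the OCSP result cached with the session; its freshness is limited only by the session lifetime */`; otherwise the cached record would need the response's validity limit stored and compared here. The callback's body starts and ends outside the hunk.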
@@ -3658,22 +3662,19 @@ if (tlsp->host_resumable)
DEBUG(D_tls) debug_printf("session expired\n");
dbfn_delete(dbm_file, key);
}
- else if (!SSL_set_session(ssl, ss))
- {
- DEBUG(D_tls)
- {
- ERR_error_string_n(ERR_get_error(),
- ssl_errstring, sizeof(ssl_errstring));
- debug_printf("applying session to ssl: %s\n", ssl_errstring);
- }
- }
- else
+ else if (SSL_set_session(ssl, ss))
{
DEBUG(D_tls) debug_printf("good session\n");
tlsp->resumption |= RESUME_CLIENT_SUGGESTED;
tlsp->verify_override = dt->verify_override;
tlsp->ocsp = dt->ocsp;
}
+ else DEBUG(D_tls)
+ {
+ ERR_error_string_n(ERR_get_error(),
+ ssl_errstring, sizeof(ssl_errstring));
+ debug_printf("applying session to ssl: %s\n", ssl_errstring);
+ }
}
}
else
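Review bot: On the failure branch the OpenSSL error is read only inside `DEBUG(D_tls)`, so with debugging off a failed `SSL_set_session()` leaves its entry on the error queue, where a later `ERR_get_error()` in the handshake path could pick it up and report it against the wrong operation. The `else DEBUG(D_tls) {` form also hides a conditional behind the macro (assuming DEBUG expands to an `if`), which is easy to misread when the chain is next edited. I would brace the branch and drain the queue unconditionally: `else { DEBUG(D_tls) { ... } ERR_clear_error(); }`. The enclosing `if (tlsp->host_resumable)` block starts before the hunk and continues past it.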