granicus.if.org Git - openssl/commit

author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>
	Fri, 2 Jun 2017 01:01:27 +0000 (21:01 -0400)
committer	Rich Salz <rsalz@openssl.org>
	Mon, 5 Jun 2017 17:54:10 +0000 (13:54 -0400)
commit	720b6cbe4a195fc5563be2334e8519a61b82eeef
tree	428b214dc47a2fba26ea5c9df604fe6fcc1a6ec7	tree \| snapshot
parent	ae269dd8b72dbed1f2c5f92dbe0fbf5b7b905e7b	commit \| diff

Avoid failing s_server when client's psk_identity is unexpected

s_server has traditionally been very brittle in PSK mode.  If the
client offered any PSK identity other than "Client_identity" s_server
would simply abort.

This is breakage for breakage's sake, and unlike most other parts of
s_server, which tend to allow more flexible connections.

This change accomplishes two things:

* when the client's psk_identity does *not* match the identity
   expected by the server, just warn, don't fail.

* allow the server to expect instead a different psk_identity from
   the client besides "Client_identity"

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3605)

apps/s_server.c		diff \| blob \| history
doc/man1/s_server.pod		diff \| blob \| history