Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure clientAuthRequested is set when negotiated PSK does not have c…
…erts Summary: The `Finished` handler assumes that `clientAuthRequested` is always set. Prior to this diff, if a CachedPsk was used for a resumption connection where the CachedPsk itself does not have a `serverCert` or a `clientCert` set (which can happen if the PSK serialization/deserialization does not support encoding/decoding the certificate), then this would not be set, causing the handshake to fail even though the client successfully negotiated a resumption. This diff changes the behavior so that if a PSK was successfully negotiated (but the certs are null), then this would be treated as a `NotRequested` client auth state. Since this is a resumed connection anyway, there would not be a client certificate sent, so this field is effectively a no-op wrt TLS logic. Reviewed By: knekritz Differential Revision: D56281894 fbshipit-source-id: b528d745e8e17e9328063b490d646aee79956cde
- Loading branch information
1 parent
d19f56d
commit 17a053f
Showing
3 changed files
with
50 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters