This ensures that the key state is authenticated when sending
a push reply.
... | ... |
@@ -652,6 +652,7 @@ int |
652 | 652 |
process_incoming_push_request(struct context *c) |
653 | 653 |
{ |
654 | 654 |
int ret = PUSH_MSG_ERROR; |
655 |
+ struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY]; |
|
655 | 656 |
|
656 | 657 |
#ifdef ENABLE_ASYNC_PUSH |
657 | 658 |
c->c2.push_request_received = true; |
... | ... |
@@ -662,7 +663,12 @@ process_incoming_push_request(struct context *c) |
662 | 662 |
send_auth_failed(c, client_reason); |
663 | 663 |
ret = PUSH_MSG_AUTH_FAILURE; |
664 | 664 |
} |
665 |
- else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED) |
|
665 |
+ else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED |
|
666 |
+ && ks->authenticated |
|
667 |
+ #ifdef ENABLE_DEF_AUTH |
|
668 |
+ && !ks->auth_deferred |
|
669 |
+ #endif |
|
670 |
+ ) |
|
666 | 671 |
{ |
667 | 672 |
time_t now; |
668 | 673 |
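Review bot: The condition in the second hunk now gates the push reply on two separate pieces of state, `c->c2.context_auth == CAS_SUCCEEDED` and the primary key's `ks->authenticated` / `!ks->auth_deferred`, but nothing in the code says why both are required, and the `#ifdef ENABLE_DEF_AUTH` spliced into the middle of the expression makes this authorization gate easy to misread or break in a later edit. I would put a comment directly above the `else if`, for example `/* Reply only if the context is authenticated AND the active session's primary key is authenticated and not waiting on deferred auth */`. The `ks` initialiser added in the first hunk dereferences `c->c2.tls_multi` at function entry; the callers are not visible here, so it is worth confirming that this pointer can never be NULL on this path. The function body continues outside both hunks, so what happens to a request that fails the new check cannot be judged from this page.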
|