commit 14d11b0877ffecc42dae531afe17570f0e61b7e6
author Przemek Stekiel <przemyslaw.stekiel@mobica.com> Thu Apr 14 08:33:29 2022 +0200
committer Przemek Stekiel <przemyslaw.stekiel@mobica.com> Fri Apr 22 14:53:55 2022 +0200
tree 62aa213b9e4085b769de29e4419a34d7e9e09db7
parent 19b80f8151c861138461e5ea31841d15d968f5c4

Enable support for psa opaque ECDHE-PSK key exchange on the server side

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

programs/ssl/ssl_server2.c

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 13e3406..bc2aa68 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2211,11 +2211,12 @@
              * the ciphersuite in advance to set the correct policy for the
              * PSK key slot. This limitation might go away in the future. */
             if( ( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
-                  ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK ) ||
+                  ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK  &&
+                  ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) ||
                 opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
             {
                 mbedtls_printf( "opaque PSKs are only supported in conjunction \
-                                 with forcing TLS 1.2 and a PSK-only, RSA-PSK \
+                                 with forcing TLS 1.2 and a PSK-only, RSA-PSK, ECDHE-PSK \
                                  ciphersuites through the 'force_ciphersuite' option.\n" );
                 ret = 2;
                 goto usage;