authorjsing <jsing@openbsd.org>2020-01-25 12:37:06 +0000
committerjsing <jsing@openbsd.org>2020-01-25 12:37:06 +0000
commitabdcc1624b7c33c3da0852e937f676bf1b08b619 (patch)
treea47a9654a12077cf76cea8bfd245991828031d2f
parentOnly send an RI extension for pre-TLSv1.3 versions. (diff)
Only discard the extension block for client hello and server hello
messages. TLSv1.3 messages that include extensions need a length prefixed field with zero bytes, rather than no data at all. ok beck@ tb@
-rw-r--r--lib/libssl/ssl_tlsext.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index b76a48b99aa..24f2bd50226 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.55 2020/01/25 12:31:42 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.56 2020/01/25 12:37:06 jsing Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1918,7 +1918,8 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
extensions_present = 1;
}
- if (!extensions_present)
+ if (!extensions_present &&
+ (msg_type & (SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH)) != 0)
CBB_discard_child(cbb);
if (!CBB_flush(cbb))
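Review bot: The narrowed condition in front of `CBB_discard_child(cbb)` carries no comment, so the reason the discard is limited to two message types is recorded only in the commit message. I would add above the `if`: `/* Extensions are optional in CH/SH; all other (TLSv1.3) messages need a zero-length extensions block. */`. The test treats `msg_type` as a bitmask, which presumably relies on callers passing exactly one `SSL_TLSEXT_MSG_*` bit; that is worth confirming, since tlsext_build begins and ends outside this hunk. A regress case that builds a non-CH/SH message with no extensions and expects the two-byte zero length would pin the wire format, which a strict peer is likely to reject if the field is missing.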