Properly handle missing TLS extensions in client hello as a non-failure.

Noticed by @Ligushka from github. ok miod@, doug@
author: bcook <bcook@openbsd.org> 2015-08-19 23:34:34 +0000
committer: bcook <bcook@openbsd.org> 2015-08-19 23:34:34 +0000
commit: db47d9360bb0e6ecdd7e96df1411417690a14135 (patch)
tree: 6536f453e3b9a95d8d1bb41cbb4a0fc615478b1e /lib/libssl/t1_lib.c
parent: Better compat matching for WinSCP, add compat matching for (diff)
download: wireguard-openbsd-db47d9360bb0e6ecdd7e96df1411417690a14135.tar.xz
wireguard-openbsd-db47d9360bb0e6ecdd7e96df1411417690a14135.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 9ee495c7908..b892fa9b914 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.82 2015/07/24 07:57:48 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.83 2015/08/19 23:34:34 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2087,6 +2087,8 @@ tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
 		return -1;
 
 	/* Now at start of extensions */
+	if (CBS_len(&session_id) == 0)
+		return 0;
 	if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
 		return -1;
author	bcook <bcook@openbsd.org>	2015-08-19 23:34:34 +0000
committer	bcook <bcook@openbsd.org>	2015-08-19 23:34:34 +0000
commit	db47d9360bb0e6ecdd7e96df1411417690a14135 (patch)
tree	6536f453e3b9a95d8d1bb41cbb4a0fc615478b1e /lib/libssl/t1_lib.c
parent	Better compat matching for WinSCP, add compat matching for (diff)
download	wireguard-openbsd-db47d9360bb0e6ecdd7e96df1411417690a14135.tar.xz wireguard-openbsd-db47d9360bb0e6ecdd7e96df1411417690a14135.zip