summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2020-06-25 07:35:06 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2020-06-25 07:35:06 +0000
commit7f1ebc33063efd482d0a6d6dbd5d91a6d46f5638 (patch)
tree98dc0b3f108dd53eba243aef5819bb8788e7e229 /lib
parent084542e549de03ecfe76953e1762df0d2baef842 (diff)
Switch the order of the two tests in tls13_client_hello_required_extensions
to match the order they are listed in the RFC. No functional change.
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/tls13_server.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 843b5724019..12601fa33d6 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.59 2020/06/24 07:28:38 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.60 2020/06/25 07:35:05 tb Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -108,14 +108,6 @@ tls13_client_hello_required_extensions(struct tls13_ctx *ctx)
*/
/*
- * supported_groups and key_share must either both be present or
- * both be absent.
- */
- if (tlsext_extension_seen(ssl, TLSEXT_TYPE_supported_groups) !=
- tlsext_extension_seen(ssl, TLSEXT_TYPE_key_share))
- return 0;
-
- /*
* If we got no pre_shared_key, then signature_algorithms and
* supported_groups must both be present.
*/
@@ -127,6 +119,14 @@ tls13_client_hello_required_extensions(struct tls13_ctx *ctx)
}
/*
+ * supported_groups and key_share must either both be present or
+ * both be absent.
+ */
+ if (tlsext_extension_seen(ssl, TLSEXT_TYPE_supported_groups) !=
+ tlsext_extension_seen(ssl, TLSEXT_TYPE_key_share))
+ return 0;
+
+ /*
* XXX - Require server_name from client? If so, we SHOULD enforce
* this here - RFC 8446, 9.2.
*/