diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2020-06-25 07:35:06 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-06-25 07:35:06 +0000 |
commit | 7f1ebc33063efd482d0a6d6dbd5d91a6d46f5638 (patch) | |
tree | 98dc0b3f108dd53eba243aef5819bb8788e7e229 /lib | |
parent | 084542e549de03ecfe76953e1762df0d2baef842 (diff) |
Switch the order of the two tests in tls13_client_hello_required_extensions
to match the order they are listed in the RFC. No functional change.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/tls13_server.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 843b5724019..12601fa33d6 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.59 2020/06/24 07:28:38 tb Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.60 2020/06/25 07:35:05 tb Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -108,14 +108,6 @@ tls13_client_hello_required_extensions(struct tls13_ctx *ctx) */ /* - * supported_groups and key_share must either both be present or - * both be absent. - */ - if (tlsext_extension_seen(ssl, TLSEXT_TYPE_supported_groups) != - tlsext_extension_seen(ssl, TLSEXT_TYPE_key_share)) - return 0; - - /* * If we got no pre_shared_key, then signature_algorithms and * supported_groups must both be present. */ @@ -127,6 +119,14 @@ tls13_client_hello_required_extensions(struct tls13_ctx *ctx) } /* + * supported_groups and key_share must either both be present or + * both be absent. + */ + if (tlsext_extension_seen(ssl, TLSEXT_TYPE_supported_groups) != + tlsext_extension_seen(ssl, TLSEXT_TYPE_key_share)) + return 0; + + /* * XXX - Require server_name from client? If so, we SHOULD enforce * this here - RFC 8446, 9.2. */ |