author | Joel Sing <jsing@cvs.openbsd.org> | 2017-11-28 16:46:15 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-11-28 16:46:15 +0000 |
commit | e397fda1655257386c079a0f3a553675425ba24b (patch) | |
tree | b51fdd87299bb469890e95048699aaf464a9d371 /lib | |
parent | 3a18a644bdb1d5fd72234802ca463135154d09b0 (diff) |
Correct TLS extensions handling when no extensions are present.
If no TLS extensions are present in a client hello or server hello, omit
the entire extensions block, rather than including it with a length of
zero.
ok beck@ inoguchi@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/ssl_tlsext.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 835c4134784..d43ebc67756 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.17 2017/09/25 18:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.18 2017/11/28 16:46:14 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1296,6 +1296,7 @@ tlsext_clienthello_build(SSL *s, CBB *cbb)
{
CBB extensions, extension_data;
struct tls_extension *tlsext;
+ int extensions_present = 0;
size_t i;

if (!CBB_add_u16_length_prefixed(cbb, &extensions))
@@ -1313,8 +1314,13 @@ tlsext_clienthello_build(SSL *s, CBB *cbb)
return 0;
if (!tls_extensions[i].clienthello_build(s, &extension_data))
return 0;
+
+ extensions_present = 1;
}

+ if (!extensions_present)
+ CBB_discard_child(cbb);
+
if (!CBB_flush(cbb))
return 0;

@@ -1351,6 +1357,7 @@ tlsext_serverhello_build(SSL *s, CBB *cbb)
{
CBB extensions, extension_data;
struct tls_extension *tlsext;
+ int extensions_present = 0;
size_t i;

if (!CBB_add_u16_length_prefixed(cbb, &extensions))
@@ -1368,8 +1375,13 @@ tlsext_serverhello_build(SSL *s, CBB *cbb)
return 0;
if (!tlsext->serverhello_build(s, &extension_data))
return 0;
+
+ extensions_present = 1;
}

+ if (!extensions_present)
+ CBB_discard_child(cbb);
+
if (!CBB_flush(cbb))
return 0;

|
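Review bot: The `CBB_discard_child(cbb)` added in the `-1313,8 +1314,13` hunk carries no comment saying why the pending child is dropped, and a reader landing here does not see the `CBB_add_u16_length_prefixed(cbb, &extensions)` at the top of tlsext_clienthello_build that opened it (the function start and the loop over `tls_extensions` lie outside this hunk). Suggest `/* No extensions were added: drop the length-prefixed block rather than emitting an empty one. */` above that line, and the same comment in the `-1368,8 +1375,13` hunk of tlsext_serverhello_build, which repeats the flag-and-discard logic verbatim. After the discard the `extensions` child should presumably not be written to again; the hunk only goes on to `CBB_flush(cbb)`, so that holds here, but the comment is where a future reader would expect to learn it. Since both builders now end with an identical tail, folding it into one static helper would remove the duplication, though that is a separate cleanup from this fix.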