cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 11:11:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

Server does not send out extensions not advertised by client

Browse Source
This commit is contained in:
Paul Bakker 2013-10-28 12:54:26 +01:00
parent 6888167e73
commit 677377f472
3 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,5 +1,9 @@
PolarSSL ChangeLog (Sorted per branch, date) PolarSSL ChangeLog (Sorted per branch, date)
= PolarSSL 1.3 branch
Bugfix
* Server does not send out extensions not advertised by client
= PolarSSL 1.3.1 released on 2013-10-15 = PolarSSL 1.3.1 released on 2013-10-15
Features Features
* Support for Brainpool curves and TLS ciphersuites (RFC 7027) * Support for Brainpool curves and TLS ciphersuites (RFC 7027)

8
include/polarssl/ssl.h
View File

@ -342,6 +342,13 @@
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01 #define TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
* TLS extension flags (for extensions with outgoing ServerHello content
* that need it (e.g. for RENEGOTIATION_INFO the server already knows because
* of state of the renegotiation flag, so no indicator is required)
*/
#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
/* /*
* Size defines * Size defines
*/ */
@ -546,6 +553,7 @@ struct _ssl_handshake_params
int resume; /*!< session resume indicator*/ int resume; /*!< session resume indicator*/
int max_major_ver; /*!< max. major version client*/ int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/ int max_minor_ver; /*!< max. minor version client*/
int cli_exts; /*!< client extension presence*/
#if defined(POLARSSL_SSL_SESSION_TICKETS) #if defined(POLARSSL_SSL_SESSION_TICKETS)
int new_session_ticket; /*!< use NewSessionTicket? */ int new_session_ticket; /*!< use NewSessionTicket? */

8
library/ssl_srv.c
View File

@ -1270,6 +1270,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
case TLS_EXT_SUPPORTED_POINT_FORMATS: case TLS_EXT_SUPPORTED_POINT_FORMATS:
SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
ssl->handshake->cli_exts |= TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
if( ret != 0 ) if( ret != 0 )
@ -1546,7 +1547,12 @@ static void ssl_write_supported_point_formats_ext( ssl_context *ssl,
unsigned char *p = buf; unsigned char *p = buf;
((void) ssl); ((void) ssl);
*olen = 0; if( ( ssl->handshake->cli_exts &
TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 )
{
*olen = 0;
return;
}
SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );