git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Fri, 2 Mar 2018 15:02:11 +0000 (15:02 +0000)
committer	Matt Caswell <matt@openssl.org>
	Mon, 5 Mar 2018 11:55:07 +0000 (11:55 +0000)
commit	5de683d2c6ae2f8c30b97326e72ff19f41228b74
tree	195406b55b9ed7d77f746f018de4a9bf3bb53e51	tree \| snapshot
parent	c04c60217ab748effc5a07bf098abda2045c927b	commit \| diff

Fix status_request and SCT extensions

They are valid for use in a CertificateRequest message, but we did not
allow it. If a server sent such a message using either of those two
extensions then the handshake would abort.

This corrects that error, but does not add support for actually processing
the extensions. They are simply ignored, and a TODO is inserted to add
support at a later time.

This was found during interoperability testing with btls:
https://gitlab.com/ilari_l/btls

Prompted by these errors I reviewed the complete list of extensions and
compared them with the latest table in draft-24 to confirm there were no
other errors of a similar type. I did not find any.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5490)

ssl/statem/extensions.c		diff \| blob \| history
ssl/statem/extensions_clnt.c		diff \| blob \| history