Modify is_tls13_capable() to take account of the servername cb

A servername cb may change the available certificates, so if we have one
set then we cannot rely on the configured certificates to determine if we
are capable of negotiating TLSv1.3 or not.

Fixes #13291

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13304)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 44cf5a6ce0aee06d7499307da1a00cf9fd456ff2..d5def193a093d7140fbb94b19d074b9e73db22ec 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1515,8 +1515,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
 
 /*
  * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK or a certificate callback configured. Otherwise
- * returns 0.
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configure. Otherwise returns 0.
  */
 static int is_tls13_capable(const SSL *s)
 {
@@ -1525,6 +1525,17 @@ static int is_tls13_capable(const SSL *s)
     int curve;
 #endif
 
+    if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+        return 0;
+
+    /*
+     * A servername callback can change the available certs, so if a servername
+     * cb is set then we just assume TLSv1.3 will be ok
+     */
+    if (s->ctx->ext.servername_cb != NULL
+            || s->session_ctx->ext.servername_cb != NULL)
+        return 1;
+
 #ifndef OPENSSL_NO_PSK
     if (s->psk_server_callback != NULL)
         return 1;