&& type != TLSEXT_TYPE_renegotiate
&& type != TLSEXT_TYPE_signed_certificate_timestamp
&& (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {
- SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION);
+ SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
*al = SSL_AD_UNSUPPORTED_EXTENSION;
goto err;
}
static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al)
{
- if (!sent && SSL_IS_TLS13(s)) {
+ if (!sent && SSL_IS_TLS13(s) && !s->hit) {
*al = TLS13_AD_MISSING_EXTENSION;
SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
return 0;