projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow a missing sig algs extension if resuming
[openssl.git] / ssl / statem / extensions.c
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 9854cf0db92a4e034e137511c16076f857464a3a..68d8cea0bdd58f4e8fcbd061c966f1b36c7c4476 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -510,7 +510,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
                 && type != TLSEXT_TYPE_renegotiate
                 && type != TLSEXT_TYPE_signed_certificate_timestamp
                 && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {
-            SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION);
+            SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
             *al = SSL_AD_UNSUPPORTED_EXTENSION;
             goto err;
         }
@@ -1081,7 +1081,7 @@ static int init_srtp(SSL *s, unsigned int context)
 
 static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al)
 {
-    if (!sent && SSL_IS_TLS13(s)) {
+    if (!sent && SSL_IS_TLS13(s) && !s->hit) {
         *al = TLS13_AD_MISSING_EXTENSION;
         SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
         return 0;
Unnamed repository; edit this file 'description' to name the repository.