projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix the check for suitable groups and TLSv1.3
[openssl.git]
/
ssl
/
statem
/
extensions_clnt.c
diff --git
a/ssl/statem/extensions_clnt.c
b/ssl/statem/extensions_clnt.c
index b216e29f2666e258d9a276999bb0753c8c90c30a..cac713fff089ebb85240309630b89179f41472bc 100644
(file)
--- a/
ssl/statem/extensions_clnt.c
+++ b/
ssl/statem/extensions_clnt.c
@@
-234,7
+234,7
@@
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
}
}
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
}
}
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
- if (added == 0
|| (tls13added == 0 && max_version == TLS1_3_VERSION)
)
+ if (added == 0)
SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS,
"No groups enabled for max supported SSL/TLS version");
else
SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS,
"No groups enabled for max supported SSL/TLS version");
else
@@
-242,6
+242,12
@@
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
return EXT_RETURN_FAIL;
}
+ if (tls13added == 0 && max_version == TLS1_3_VERSION) {
+ SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS,
+ "No groups enabled for max supported SSL/TLS version");
+ return EXT_RETURN_FAIL;
+ }
+
return EXT_RETURN_SENT;
}
return EXT_RETURN_SENT;
}