return EXT_RETURN_FAIL;
}
- /*
- * TODO(TLS1.3): There is some discussion on the TLS list as to whether
- * we should include versions <TLS1.2. For the moment we do. To be
- * reviewed later.
- */
for (currv = max_version; currv >= min_version; currv--) {
- /* TODO(TLS1.3): Remove this first if clause prior to release!! */
- if (currv == TLS1_3_VERSION) {
- if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
- ERR_R_INTERNAL_ERROR);
- return EXT_RETURN_FAIL;
- }
- } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
+ if (!WPACKET_put_bytes_u16(pkt, currv)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
unsigned int context, X509 *x,
size_t chainidx)
{
+#ifndef OPENSSL_NO_PSK
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
+#endif /* OPENSSL_NO_PSK */
const unsigned char *id = NULL;
size_t idlen = 0;
SSL_SESSION *psksess = NULL;
#ifndef OPENSSL_NO_PSK
if (psksess == NULL && s->psk_client_callback != NULL) {
- char identity[PSK_MAX_IDENTITY_LEN + 1];
unsigned char psk[PSK_MAX_PSK_LEN];
size_t psklen = 0;
X509 *x, size_t chainidx)
{
#ifndef OPENSSL_NO_TLS1_3
- if (!s->pha_forced) {
- int i, n = 0;
-
- /* check for cert, if present, we can do post-handshake auth */
- if (s->cert == NULL)
- return EXT_RETURN_NOT_SENT;
-
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (s->cert->pkeys[i].x509 != NULL
- && s->cert->pkeys[i].privatekey != NULL)
- n++;
- }
-
- /* no identity certificates, so no extension */
- if (n == 0)
- return EXT_RETURN_NOT_SENT;
- }
+ if (!s->pha_enabled)
+ return EXT_RETURN_NOT_SENT;
/* construct extension - 0 length, no contents */
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_post_handshake_auth)
s->ext.early_data_ok = 0;
}
if (!s->hit) {
- /* If a new session then update it with the selected ALPN */
+ /*
+ * This is a new session and so alpn_selected should have been
+ * initialised to NULL. We should update it with the selected ALPN.
+ */
+ if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
s->session->ext.alpn_selected =
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
if (s->session->ext.alpn_selected == NULL) {
return 0;
}
- /* TODO(TLS1.3): Remove this before release */
- if (version == TLS1_3_VERSION_DRAFT)
- version = TLS1_3_VERSION;
-
/*
* The only protocol version we support which is valid in this extension in
* a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.