Restore compatibility with GOST2001 implementations.
authorDmitry Belyavskiy <beldmit@gmail.com>
Fri, 4 Jan 2019 17:38:29 +0000 (20:38 +0300)
committerMatt Caswell <matt@openssl.org>
Sun, 6 Jan 2019 10:15:39 +0000 (10:15 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7985)

ssl/statem/extensions.c

index c5492184f7ee0428f94c4245ccd76ea39360565d..ffa4b460f77553d523adefdd6a2fb38b97a407e3 100644 (file)
@@ -623,7 +623,12 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
                 && type != TLSEXT_TYPE_cookie
                 && type != TLSEXT_TYPE_renegotiate
                 && type != TLSEXT_TYPE_signed_certificate_timestamp
-                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {
+                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
+#ifndef OPENSSL_NO_GOST
+                && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+                     && type == TLSEXT_TYPE_cryptopro_bug)
+#endif
+                                                               ) {
             SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
                      SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
             goto err;