Only send custom extensions where we have received one in the ClientHello
authorMatt Caswell <matt@openssl.org>
Mon, 10 Apr 2017 15:18:26 +0000 (16:18 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 3 May 2017 13:37:42 +0000 (14:37 +0100)
We already did this for ServerHello and EncryptedExtensions. We should be
doing it for Certificate and HelloRetryRequest as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)

ssl/statem/extensions_cust.c

index 6de59e2..2a21ec4 100644 (file)
@@ -181,11 +181,10 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
 
         if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
                         | SSL_EXT_TLS1_3_SERVER_HELLO
-                        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
-            /*
-             * For ServerHello/EncryptedExtensions only send extensions present
-             * in ClientHello.
-             */
+                        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+                        | SSL_EXT_TLS1_3_CERTIFICATE
+                        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
+            /* Only send extensions present in ClientHello. */
             if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
                 continue;
         }