Don't send a warning alert in TLSv1.3

author Matt Caswell <matt@openssl.org>

Fri, 18 May 2018 08:08:19 +0000 (09:08 +0100)

committer Matt Caswell <matt@openssl.org>

Mon, 11 Jun 2018 14:46:21 +0000 (15:46 +0100)
author Matt Caswell <matt@openssl.org>
Fri, 18 May 2018 08:08:19 +0000 (09:08 +0100)
committer Matt Caswell <matt@openssl.org>
Mon, 11 Jun 2018 14:46:21 +0000 (15:46 +0100)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c

index 8885e5e0d7d496405232aa8b53ffb00e3ed09301..496039e3d4094f5ee7be448689bdb9706a9ce4cb 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -984,7 +984,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
          return 0;
  
      case SSL_TLSEXT_ERR_ALERT_WARNING:
          return 0;
  
      case SSL_TLSEXT_ERR_ALERT_WARNING:
-        ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+        /* TLSv1.3 doesn't have warning alerts so we suppress this */
+        if (!SSL_IS_TLS13(s))
+            ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
          return 1;
  
      case SSL_TLSEXT_ERR_NOACK:
          return 1;
  
      case SSL_TLSEXT_ERR_NOACK:
author	Matt Caswell <matt@openssl.org>
	Fri, 18 May 2018 08:08:19 +0000 (09:08 +0100)
committer	Matt Caswell <matt@openssl.org>
	Mon, 11 Jun 2018 14:46:21 +0000 (15:46 +0100)