PR: 2115

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 35583ef30effe52caad7c82eb453897310f7a361..dfd8bf24d64a21e9340ff30550910a50f4039bf6 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -915,7 +915,7 @@ int ssl3_get_server_hello(SSL *s)
 
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extensions*/
-       if (s->version > SSL3_VERSION)
+       if (s->version > SSL3_VERSION && s->version != DTLS1_VERSION && s->version != DTLS1_BAD_VER)
                {
                if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
                        {
@@ -929,6 +929,17 @@ int ssl3_get_server_hello(SSL *s)
                                goto err;
                        }
                }
+
+       /* DTLS extensions */
+       if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
+       {
+               if (!ssl_parse_serverhello_dtlsext(s,&p,d,n, &al))
+               {
+                       /* 'al' set by ssl_parse_serverhello_dtlsext */
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
+                       goto f_err;
+               }
+       }
 #endif
 
        if (p != (d+n))