Only send custom extensions where we have received one in the ClientHello

[openssl.git] / ssl / statem / extensions_cust.c

diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c
index ea79a98f173807587674c2e515719fd5c3439a79..2a21ec492ca7045cc0cdc59aa0e7190e9aa43f84 100644 (file)
--- a/ssl/statem/extensions_cust.c
+++ b/ssl/statem/extensions_cust.c
@@ -64,6 +64,9 @@ static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
     custom_ext_parse_cb_wrap *parse_cb_wrap =
         (custom_ext_parse_cb_wrap *)parse_arg;
 
+    if (parse_cb_wrap->parse_cb == NULL)
+        return 1;
+
     return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
                                    parse_cb_wrap->parse_arg);
 }
@@ -178,11 +181,10 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
 
         if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
                         | SSL_EXT_TLS1_3_SERVER_HELLO
-                        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
-            /*
-             * For ServerHello/EncryptedExtensions only send extensions present
-             * in ClientHello.
-             */
+                        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+                        | SSL_EXT_TLS1_3_CERTIFICATE
+                        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
+            /* Only send extensions present in ClientHello. */
             if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
                 continue;
         }
@@ -393,11 +395,6 @@ static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
     parse_cb_wrap->parse_arg = parse_arg;
     parse_cb_wrap->parse_cb = parse_cb;
 
-    /*
-     * TODO(TLS1.3): Is it possible with the old API to add custom exts for both
-     * client and server for the same type in the same SSL_CTX? We don't handle
-     * that yet.
-     */
     ret = add_custom_ext_intern(ctx, role, ext_type,
                                 context,
                                 custom_ext_add_old_cb_wrap,