From fb62e47c782397cadf607b92ce50f2bbe250d12e Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 18 May 2018 09:08:19 +0100
Subject: [PATCH] Don't send a warning alert in TLSv1.3

TLSv1.3 ignores the alert level, so we should suppress sending of
warning only alerts.

Fixes #6211

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6370)
---
 ssl/statem/extensions.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 8885e5e0d7..496039e3d4 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -984,7 +984,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
         return 0;
 
     case SSL_TLSEXT_ERR_ALERT_WARNING:
-        ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+        /* TLSv1.3 doesn't have warning alerts so we suppress this */
+        if (!SSL_IS_TLS13(s))
+            ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
         return 1;
 
     case SSL_TLSEXT_ERR_NOACK:
-- 
2.34.1