commit bfab12bb7dbd32cb13a8d518f312857ebd045541
author Matt Caswell <matt@openssl.org> Tue Nov 14 13:55:21 2017 +0000
committer Matt Caswell <matt@openssl.org> Tue Nov 21 17:46:22 2017 +0000
tree 2880cf8691dac3ba3d839be90e93e933fd6d27c0
parent b510b740fb4e3cb35e6f297c232c0e776dbcbc71

Allow a client to send early_data with SNI if the session has no SNI

We can only send early_data if the SNI is consistent. However it is valid
for the client to set SNI and the server to not use it. This would still be
counted as consistent. OpenSSL client was being overzealous in this check
and disallowing this scenario.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4738)

ssl/statem/extensions_clnt.c

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index a690751..0dc1c49 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -736,13 +736,14 @@
     edsess = s->session->ext.max_early_data != 0 ? s->session : psksess;
     s->max_early_data = edsess->ext.max_early_data;
 
-    if ((s->ext.hostname == NULL && edsess->ext.hostname != NULL)
-            || (s->ext.hostname != NULL
-                && (edsess->ext.hostname == NULL
-                    || strcmp(s->ext.hostname, edsess->ext.hostname) != 0))) {
-        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
-               SSL_R_INCONSISTENT_EARLY_DATA_SNI);
-        return EXT_RETURN_FAIL;
+    if (edsess->ext.hostname != NULL) {
+        if (s->ext.hostname == NULL
+                || (s->ext.hostname != NULL
+                    && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                   SSL_R_INCONSISTENT_EARLY_DATA_SNI);
+            return EXT_RETURN_FAIL;
+        }
     }
 
     if ((s->ext.alpn == NULL && edsess->ext.alpn_selected != NULL)) {