Google Git
Sign in
flutter / third_party / openssl / e96e0f8e420c42f28b0e86c9cf757f152f696321^! / . / ssl / statem / extensions_srvr.c
commite96e0f8e420c42f28b0e86c9cf757f152f696321[log] [tgz]
authorMatt Caswell <matt@openssl.org>Fri Dec 02 09:14:15 2016 +0000
committerMatt Caswell <matt@openssl.org>Fri Jan 06 10:25:13 2017 +0000
treeaa40a232274c0948c52af07df051ea75ecb37218
parentf97d4c370844081e5e735711bd8b91979313ce7b [diff] [blame]
Create Certificate messages in TLS1.3 format

Also updates TLSProxy to be able to understand the format and parse the
contained extensions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 14a8e15..0bdfce8 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c

@@ -224,6 +224,10 @@
 {
     PACKET responder_id_list, exts;
 
+    /* Not defined if we get one of these in a client Certificate */
+    if (x != NULL)
+        return 1;
+
     if (!PACKET_get_1(pkt, (unsigned int *)&s->tlsext_status_type)) {
         *al = SSL_AD_DECODE_ERROR;
         return 0;
@@ -752,6 +756,9 @@
     if (!s->tlsext_status_expected)
         return 1;
 
+    if (SSL_IS_TLS13(s) && chain != 0)
+        return 1;
+
     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
             || !WPACKET_put_bytes_u16(pkt, 0)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);