author | Matt Caswell <matt@openssl.org> | 2019-01-04 16:54:03 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-01-07 09:39:10 +0000 |
commit | 23fed8ba0ec895e1b2a089cae380697f15170afc (patch) | |
tree | bfdd8b2ca0329e2bd918b22cdb70aac0383b7926 | |
parent | 67ee899cb51d3e3d7b5f00b878f8f82a097b93f0 (diff) |
Don't complain if we receive the cryptopro extension in the ClientHello
The cryptopro extension is supposed to be unsolicited and appears in the
ServerHello only. Additionally it is unofficial and unregistered - therefore
we should really treat it like any other unknown extension if we see it in
the ClientHello.
Fixes #7747
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)
-rw-r--r-- | ssl/statem/extensions.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index ffa4b460f7..773309a13c 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -348,10 +348,12 @@ static const EXTENSION_DEFINITION ext_defs[] = { { /* * Special unsolicited ServerHello extension only used when - * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but + * ignore it. */ TLSEXT_TYPE_cryptopro_bug, - SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL }, { |
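Review bot: No regression test accompanies the new SSL_EXT_CLIENT_HELLO flag on the TLSEXT_TYPE_cryptopro_bug entry in ext_defs[]; the patch touches only ssl/statem/extensions.c, so a test that sends a ClientHello carrying this extension and checks that the handshake completes would keep the fix for #7747 from regressing. The updated comment still opens with "only used when SSL_OP_CRYPTOPRO_TLSEXT_BUG is set", while the ClientHello acceptance comes from the static context flags and every handler in the entry except tls_construct_stoc_cryptopro_bug is NULL; consider saying explicitly that the extension is accepted and ignored in a ClientHello whether or not that option is set. Since SSL_EXT_TLS1_2_AND_BELOW_ONLY is retained next to SSL_EXT_CLIENT_HELLO, it is also worth confirming in the test that a ClientHello which offers TLS 1.3 and includes this extension is treated the same way.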