diff options
author | Matt Caswell <matt@openssl.org> | 2018-05-18 09:08:19 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-06-11 15:46:21 +0100 |
commit | fb62e47c782397cadf607b92ce50f2bbe250d12e (patch) | |
tree | d0c62044e28b8a0086dbf2bbdae02193fb8b8b29 /ssl/statem/extensions.c | |
parent | 4aa5a5669c69a66fbd8b31c52014356f1e960501 (diff) |
Don't send a warning alert in TLSv1.3
TLSv1.3 ignores the alert level, so we should suppress sending of
warning only alerts.
Fixes #6211
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6370)
Diffstat (limited to 'ssl/statem/extensions.c')
-rw-r--r-- | ssl/statem/extensions.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8885e5e0d7..496039e3d4 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -984,7 +984,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent) return 0; case SSL_TLSEXT_ERR_ALERT_WARNING: - ssl3_send_alert(s, SSL3_AL_WARNING, altmp); + /* TLSv1.3 doesn't have warning alerts so we suppress this */ + if (!SSL_IS_TLS13(s)) + ssl3_send_alert(s, SSL3_AL_WARNING, altmp); return 1; case SSL_TLSEXT_ERR_NOACK: |