author | Matt Caswell <matt@openssl.org> | 2019-01-04 16:54:03 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-01-07 09:43:28 +0000 |
commit | fe5a516b72942f5eacda8c9c7f032e8c76e0cb7b (patch) | |
tree | cd5e2da7ea92c24a1fc7ab38324ed5f19d82ac23 /ssl | |
parent | 053aedf1536267b621cb8d7bceaafece4df03c41 (diff) |

Don't complain if we receive the cryptopro extension in the ClientHello

The cryptopro extension is supposed to be unsolicited and appears in the
ServerHello only. Additionally it is unofficial and unregistered - therefore
we should really treat it like any other unknown extension if we see it in
the ClientHello.

Fixes #7747

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)
(cherry picked from commit 23fed8ba0ec895e1b2a089cae380697f15170afc)

Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/extensions.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 11feae5456..091639597b 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -348,10 +348,12 @@ static const EXTENSION_DEFINITION ext_defs[] = { { /* * Special unsolicited ServerHello extension only used when - * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but + * ignore it. */ TLSEXT_TYPE_cryptopro_bug, - SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL }, { |
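
Review bot: In the ext_defs entry for TLSEXT_TYPE_cryptopro_bug, the updated comment says the extension is allowed in a ClientHello but ignored, yet nothing in the entry says what makes it ignored; as far as the visible lines show, that depends on the handler slots ahead of tls_construct_stoc_cryptopro_bug staying NULL. Consider saying so in the comment, so that a later change that fills in a handler does not silently start acting on an unofficial, unregistered extension sent by a client. It is also worth confirming, ideally with a regression test, that a ClientHello carrying this extension is still accepted when the client also offers TLS 1.3, since SSL_EXT_TLS1_2_AND_BELOW_ONLY stays set alongside the new SSL_EXT_CLIENT_HELLO flag; the diff shown here is limited to ssl and contains no test.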