diff --git a/ChangeLog b/ChangeLog index d9f3edb9b..0487932da 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ PolarSSL ChangeLog (Sorted per branch, date) += PolarSSL 1.3 branch +Bugfix + * Server does not send out extensions not advertised by client + = PolarSSL 1.3.1 released on 2013-10-15 Features * Support for Brainpool curves and TLS ciphersuites (RFC 7027) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index c682c0ad2..6654998fd 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -342,6 +342,13 @@ #define TLS_EXT_RENEGOTIATION_INFO 0xFF01 +/* + * TLS extension flags (for extensions with outgoing ServerHello content + * that need it (e.g. for RENEGOTIATION_INFO the server already knows because + * of state of the renegotiation flag, so no indicator is required) + */ +#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) + /* * Size defines */ @@ -546,6 +553,7 @@ struct _ssl_handshake_params int resume; /*!< session resume indicator*/ int max_major_ver; /*!< max. major version client*/ int max_minor_ver; /*!< max. minor version client*/ + int cli_exts; /*!< client extension presence*/ #if defined(POLARSSL_SSL_SESSION_TICKETS) int new_session_ticket; /*!< use NewSessionTicket? */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 5b35b9427..9d5017541 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1270,6 +1270,7 @@ static int ssl_parse_client_hello( ssl_context *ssl ) case TLS_EXT_SUPPORTED_POINT_FORMATS: SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); + ssl->handshake->cli_exts |= TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); if( ret != 0 ) @@ -1546,7 +1547,12 @@ static void ssl_write_supported_point_formats_ext( ssl_context *ssl, unsigned char *p = buf; ((void) ssl); - *olen = 0; + if( ( ssl->handshake->cli_exts & + TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 ) + { + *olen = 0; + return; + } SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );