Commit 108d45df authored May 16, 2017 by Matt Caswell

Allow a missing sig algs extension if resuming



The current TLSv1.3 spec says:

'If a server is authenticating via a certificate and the client has not
sent a "signature_algorithms" extension, then the server MUST abort the
handshake with a "missing_extension" alert (see Section 8.2).'

If we are resuming then we are not "authenticating via a certificate" but
we were still aborting with the missing_extension alert if sig algs was
missing.

This commit ensures that we only send the alert if we are not resuming.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3478)

parent 355a0d10

ssl/statem/extensions.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1081,7 +1081,7 @@ static int init_srtp(SSL *s, unsigned int context)

		static int final_sig_algs(SSL s, unsigned int context, int sent, int al)
		{
		if (!sent && SSL_IS_TLS13(s)) {
		if (!sent && SSL_IS_TLS13(s) && !s->hit) {
		*al = TLS13_AD_MISSING_EXTENSION;
		SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
		return 0;