Commit 23fed8ba authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't complain if we receive the cryptopro extension in the ClientHello 



The cryptopro extension is supposed to be unsolicited and appears in the
ServerHello only. Additionally it is unofficial and unregistered - therefore
we should really treat it like any other unknown extension if we see it in
the ClientHello.

Fixes #7747

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)
parent 67ee899c

ssl/statem/extensions.c

+4 −2
Original line number Diff line number Diff line
@@ -348,10 +348,12 @@ static const EXTENSION_DEFINITION ext_defs[] = { 
    {

        /*

         * Special unsolicited ServerHello extension only used when

         * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set

         * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but

         * ignore it.

         */

        TLSEXT_TYPE_cryptopro_bug,

        SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY,

        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO

        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,

        NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL

    },

    {