detect server forcing compression on client w/o support

src/internal.c

@@ -11162,6 +11162,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case MATCH_SUITE_ERROR :
         return "can't match cipher suite";
 
+    case COMPRESSION_ERROR :
+        return "compression mismatch error";
+
     case BUILD_MSG_ERROR :
         return "build message failure";
 
@@ -13048,6 +13051,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         ssl->options.cipherSuite  = cs1;
         compression = input[i++];
 
+        if (compression != NO_COMPRESSION && !ssl->options.usingCompression) {
+            WOLFSSL_MSG("Server forcing compression w/o support");
+            return COMPRESSION_ERROR;
+        }
+
         if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
             WOLFSSL_MSG("Server refused compression, turning off");
             ssl->options.usingCompression = 0;  /* turn off if server refused */

wolfssl/error-ssl.h

@@ -153,7 +153,8 @@ enum wolfSSL_ErrorCodes {
 
     /* begin negotiation parameter errors */
     UNSUPPORTED_SUITE            = -500,        /* unsupported cipher suite */
-    MATCH_SUITE_ERROR            = -501         /* can't match cipher suite */
+    MATCH_SUITE_ERROR            = -501,        /* can't match cipher suite */
+    COMPRESSION_ERROR            = -502         /* compression mismatch */
     /* end negotiation parameter errors only 10 for now */
     /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */