TLS !.3: restrict extension validity by message
Extensions ServerName, SupportedGroups and ALPN must not appear in server_hello. Removed server_hello from the validity checks.
@ -12011,7 +12011,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
|
|||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SNI)
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_SNI)
|
||||||
if (IsAtLeastTLSv1_3(ssl->version) &&
|
if (IsAtLeastTLSv1_3(ssl->version) &&
|
||||||
msgType != client_hello &&
|
msgType != client_hello &&
|
||||||
msgType != server_hello &&
|
|
||||||
msgType != encrypted_extensions) {
|
msgType != encrypted_extensions) {
|
||||||
return EXT_NOT_ALLOWED;
|
return EXT_NOT_ALLOWED;
|
||||||
}
|
}
|
||||||
@ -12082,7 +12081,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
|
|||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
|
||||||
if (IsAtLeastTLSv1_3(ssl->version) &&
|
if (IsAtLeastTLSv1_3(ssl->version) &&
|
||||||
msgType != client_hello &&
|
msgType != client_hello &&
|
||||||
msgType != server_hello &&
|
|
||||||
msgType != encrypted_extensions) {
|
msgType != encrypted_extensions) {
|
||||||
return EXT_NOT_ALLOWED;
|
return EXT_NOT_ALLOWED;
|
||||||
}
|
}
|
||||||
@ -12201,7 +12199,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
|
|||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_ALPN)
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_ALPN)
|
||||||
if (IsAtLeastTLSv1_3(ssl->version) &&
|
if (IsAtLeastTLSv1_3(ssl->version) &&
|
||||||
msgType != client_hello &&
|
msgType != client_hello &&
|
||||||
msgType != server_hello &&
|
|
||||||
msgType != encrypted_extensions) {
|
msgType != encrypted_extensions) {
|
||||||
return EXT_NOT_ALLOWED;
|
return EXT_NOT_ALLOWED;
|
||||||
}
|
}
|
||||||
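Review bot: The three allow-lists (this hunk and the ones at @ -12082 and @ -12201) now hand-code the same RFC 8446 §4.2 message table as copy-pasted conditions, so a later edit to one list can silently drift from the others; a single `static` helper taking the extension type and `msgType`, or a small table of permitted message types per extension, would keep the policy reviewable in one place. The removal itself matches RFC 8446 §4.2 (server_name, supported_groups and ALPN are permitted only in ClientHello and EncryptedExtensions), so a peer that places these in ServerHello is now rejected, which a test feeding such a ServerHello to TLSX_Parse and asserting `EXT_NOT_ALLOWED` would pin down. The RFC also requires the receiver to abort with an illegal_parameter alert; whether the caller maps `EXT_NOT_ALLOWED` to that alert is outside these hunks and worth confirming. A one-line comment such as `/* RFC 8446 4.2: only valid in ClientHello and EncryptedExtensions */` above each check would document why server_hello is excluded. TLSX_Parse's body continues outside the hunk.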