From 5e6cb2b0b66a0e7446520d42aa34168f1d651745 Mon Sep 17 00:00:00 2001
From: Andrew Hutchings
Date: Mon, 9 Jun 2025 08:31:54 +0100
Subject: [PATCH] Allow `trusted_ca_keys` with TLSv1.3

It is possible that the client will provied `trusted_ca_keys` during a TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with `EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and should be ignored.

ZD 19936
---
 src/tls.c | 2 +-
 tests/test-tls13-down.conf | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 78972a1bd..1593f28d8 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -16149,7 +16149,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 /* RFC 8446 4.2.4 states trusted_ca_keys is not used in TLS 1.3. */
 if (IsAtLeastTLSv1_3(ssl->version)) {
- return EXT_NOT_ALLOWED;
+ break;
 }
 else
 #endif
diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf
index 90f0c4bb4..3b388a026 100644
--- a/tests/test-tls13-down.conf
+++ b/tests/test-tls13-down.conf
@@ -51,7 +51,7 @@
 -v 3
 -H exitWithRet
 
-# server TLSv1.2
+# server TLSv1.2
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -H exitWithRet
@@ -60,7 +60,7 @@
 -v 4
 -H exitWithRet
 
-# server TLSv1.2
+# server TLSv1.2
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -H exitWithRet
@@ -119,3 +119,10 @@
 -7 3
 -s
 -l ECDHE-PSK-AES128-GCM-SHA256
+
+# server TLSv1.3
+-v 4
+
+# client downgrade with trusted ca
+-v d
+-5
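Review bot: The TLS 1.3 branch now discards the extension with a bare `break;` and nothing is logged, so a ClientHello carrying trusted_ca_keys on a downgrade-capable connection leaves no trace in the debug output, which is exactly the case this patch exists to handle. Adding `WOLFSSL_MSG("trusted_ca_keys ignored for TLS 1.3");` before the `break;` keeps the skip visible when a handshake is being diagnosed. The comment on the line above still reads as a justification for rejecting the extension; I would change it to `/* RFC 8446 4.2.4: trusted_ca_keys is not used in TLS 1.3, so skip it instead of failing. */`. Since `break` leaves the enclosing case without looking at the extension body, the skip presumably relies on the outer loop advancing by the extension's declared length as it does for other types — worth confirming, as TLSX_Parse begins and ends outside the hunk.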
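Review bot: The new case appended at the end of the file describes what the client does but not what the server/client pair is meant to prove, so a future failure here gives no pointer back to the regression it guards; I would extend the comment to `# client downgrade with trusted ca (server must ignore trusted_ca_keys under TLSv1.3, ZD 19936)`. The new `# server TLSv1.3` entry also omits the `-H exitWithRet` that the neighbouring server entries in the -51 and -60 hunks carry; if that flag is what makes a server-side handshake error surface as a non-zero exit, the case could pass silently even when the server still rejects the extension, so it is worth checking against the harness.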