Address code review

2025-08-03 12:44:45 +02:00 · 2022-06-30 16:28:56 +02:00
parent d72edd03b8
commit afdd5648aa
2 changed files with 5 additions and 4 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12793,7 +12793,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,

 #endif /* NO_WOLFSSL_SERVER */

-#ifdef WOLFSSL_DTLS
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
 int wolfSSL_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx)
 {
    WOLFSSL_ENTER("wolfSSL_SetChGoodCb");
--- a/src/tls.c
+++ b/src/tls.c
@@ -6169,9 +6169,10 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length,
    extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
    if (extension == NULL) {
 #ifdef WOLFSSL_DTLS13
-        if (ssl->options.dtls)
-            /* TODO: Should we allow a ClientHello with a valid cookie even if
-             *       the cookie wasn't sent by this WOLFSSL object? */
+        if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version))
+            /* Allow a cookie extension with DTLS 1.3 because it is possible
+             * that a different SSL instance sent the cookie but we are now
+             * receiving it. */
            return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0);
        else
 #endif