wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Skip Server Supported Curve Extension

Browse Source 
Added a build option, WOLFSSL_ALLOW_SERVER_SC_EXT, that skips the
client's parsing of the supported curve extension if sent by the
server for sessions using < TLSv1.3. The server doesn't need to send it
and the RFCs don't specify what should happen if it does in TLSv1.2, but
it is sent in response from one particular Java based TLS server.
This commit is contained in:
John Safranek
2018-10-11 13:06:02 -07:00
parent 9a0ecd4eb6
commit b404d4805f
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/tls.c
View File

@ -3627,8 +3627,13 @@ static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
word16 name; word16 name;
int ret; int ret;
if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) {
#ifdef WOLFSSL_ALLOW_SERVER_SC_EXT
return 0;
#else
return BUFFER_ERROR; /* servers doesn't send this extension. */ return BUFFER_ERROR; /* servers doesn't send this extension. */
#endif
}
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
return BUFFER_ERROR; return BUFFER_ERROR;