Allow a missing sig algs extension if resuming

The current TLSv1.3 spec says: 'If a server is authenticating via a certificate and the client has not sent a "signature_algorithms" extension, then the server MUST abort the handshake with a "missing_extension" alert (see Section 8.2).' If we are resuming then we are not "authenticating via a certificate" but we were still aborting with the missing_extension alert if sig algs was missing. This commit ensures that we only send the alert if we are not resuming. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3478)

Allow a missing sig algs extension if resuming
The current TLSv1.3 spec says: 'If a server is authenticating via a certificate and the client has not sent a "signature_algorithms" extension, then the server MUST abort the handshake with a "missing_extension" alert (see Section 8.2).' If we are resuming then we are not "authenticating via a certificate" but we were still aborting with the missing_extension alert if sig algs was missing. This commit ensures that we only send the alert if we are not resuming. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3478)
108d45df · Matt Caswell · 355a0d10 · 108d45df
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/statem/extensions.c ssl/statem/extensions.c +1 -1

未找到文件。
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1081,7 +1081,7 @@ static int init_srtp(SSL *s, unsigned int context)

 static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al)
 {
-    if (!sent && SSL_IS_TLS13(s)) {
+    if (!sent && SSL_IS_TLS13(s) && !s->hit) {
        *al = TLS13_AD_MISSING_EXTENSION;
        SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
        return 0;