From 108d45df737f5b0a4842de02c3f8ff1b9b07306f Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 16 May 2017 12:04:00 +0100
Subject: [PATCH] Allow a missing sig algs extension if resuming

The current TLSv1.3 spec says: 'If a server is authenticating via a certificate and the client has not sent a "signature_algorithms" extension, then the server MUST abort the handshake with a "missing_extension" alert (see Section 8.2).' If we are resuming then we are not "authenticating via a certificate" but we were still aborting with the missing_extension alert if sig algs was missing. This commit ensures that we only send the alert if we are not resuming.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/3478)
---
 ssl/statem/extensions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index fd76337564..68d8cea0bd 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1081,7 +1081,7 @@ static int init_srtp(SSL *s, unsigned int context)
 static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al)
 {
-    if (!sent && SSL_IS_TLS13(s)) {
+    if (!sent && SSL_IS_TLS13(s) && !s->hit) {
         *al = TLS13_AD_MISSING_EXTENSION;
         SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
         return 0;
--
GitLab
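Review bot: The new `!s->hit` guard on the added line assumes the resumption decision is already final when final_sig_algs runs; if `s->hit` can still be cleared later in the handshake (for example when the offered PSK is ultimately declined and a full handshake follows), the server would proceed to certificate authentication without the client ever having sent signature_algorithms, so that fallback path should be confirmed or the presence of the extension re-checked where the certificate is selected. The spec rationale for the exemption is not visible in the code; a comment above the condition such as `/* missing_extension is only required when authenticating via a certificate; on resumption (s->hit) no certificate is used, so accept a missing signature_algorithms */` would make the exemption self-explaining. The body of final_sig_algs continues past the end of the hunk.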