mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 04:25:44 +01:00
Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3: Add entry to ChangeLog Don't parse or write extensions in SSLv3
This commit is contained in:
commit
249c30c7c5
@ -17,6 +17,8 @@ Security
|
||||
Issue raised by Harm Verhagen
|
||||
|
||||
Bugfix
|
||||
* Disable use of extensions for SSLv3, previously causing the
|
||||
"SSLv3 with extensions" test from ssl-opt.sh to fail.
|
||||
* Fix insufficient support for signature-hash-algorithm extension,
|
||||
resulting in compatibility problems with Chrome. Found by hfloyrd. #823
|
||||
* Accept empty trusted CA chain in authentication mode
|
||||
|
@ -1632,6 +1632,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
|
||||
ext = buf + 44 + sess_len + ciph_len + comp_len;
|
||||
|
||||
SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
|
||||
|
||||
while( ext_len )
|
||||
{
|
||||
unsigned int ext_id = ( ( ext[0] << 8 )
|
||||
@ -2328,6 +2330,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||
ssl->session_negotiate->compression ) );
|
||||
|
||||
/* Do not write the extensions if the protocol is SSLv3 */
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
||||
{
|
||||
#endif
|
||||
|
||||
/*
|
||||
* First write extensions, then the total length
|
||||
*/
|
||||
@ -2378,6 +2386,10 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
||||
p += ext_len;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
}
|
||||
#endif
|
||||
|
||||
ssl->out_msglen = p - buf;
|
||||
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
||||
ssl->out_msg[0] = SSL_HS_SERVER_HELLO;
|
||||
|
Loading…
Reference in New Issue
Block a user