Don't parse or write extensions in SSLv3

In mbed TLS 1.3 a check went missing disabling the use of extensions in SERVER_HELLO for SSLv3, causing the "SSLv3 with extensions" test case from ssl-opt.sh to fail. This commit fixes that and adds a dump of all extensions present in the client hello that the same test case also checks for.
2024-11-23 00:15:40 +01:00 · 2017-06-09 15:30:29 +01:00 · 2017-06-09 15:30:29 +01:00 · 5745778333
commit 5745778333
parent ca3ff06cea
1 changed files with 12 additions and 0 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -1632,6 +1632,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )

        ext = buf + 44 + sess_len + ciph_len + comp_len;

+        SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
+
        while( ext_len )
        {
            unsigned int ext_id   = ( ( ext[0] <<  8 )
@ -2328,6 +2330,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
    SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
                   ssl->session_negotiate->compression ) );

+    /* Do not write the extensions if the protocol is SSLv3 */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+    if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+    {
+#endif
+
    /*
     *  First write extensions, then the total length
     */
@ -2378,6 +2386,10 @@ static int ssl_write_server_hello( ssl_context *ssl )
        p += ext_len;
    }

+#if defined(POLARSSL_SSL_PROTO_SSL3)
+    }
+#endif
+
    ssl->out_msglen  = p - buf;
    ssl->out_msgtype = SSL_MSG_HANDSHAKE;
    ssl->out_msg[0]  = SSL_HS_SERVER_HELLO;