diff options
| author | Matt Caswell <matt@openssl.org> | 2017-05-08 16:51:47 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-05-09 17:23:58 +0100 |
| commit | 07d447a6fcd02bbccca9f7bd139cf0554fedf48c (patch) | |
| tree | e72f868ff5ae408aef8c5937f140b7b4efcd9ca2 /ssl/statem/extensions.c | |
| parent | ad448b21f8dcb0f2c60f7edcec6f00f0857c474f (diff) | |
| download | openssl-07d447a6fcd02bbccca9f7bd139cf0554fedf48c.tar.gz | |
Don't do the final key_share checks if we are in an HRR
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3414)
Diffstat (limited to 'ssl/statem/extensions.c')
| -rw-r--r-- | ssl/statem/extensions.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8984577d4f..9b16014f7b 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1058,6 +1058,10 @@ static int final_key_share(SSL *s, unsigned int context, int sent, int *al) if (!SSL_IS_TLS13(s)) return 1; + /* Nothing to do for key_share in an HRR */ + if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) + return 1; + /* * If * we are a client |