Permit the "supported_groups" extension in ServerHellos
authorBenjamin Kaduk <bkaduk@akamai.com>
Wed, 4 Oct 2017 16:02:23 +0000 (11:02 -0500)
committerBen Kaduk <kaduk@mit.edu>
Wed, 3 Jan 2018 15:43:54 +0000 (09:43 -0600)
commit7bc2bddb14246f78da5d314e034359d44e55ce69
tree1e87ea994225c51635ee1074bfd0081f8f5fb618
parent818b625d6c906ef40bfaf4403c278db8ba7bfa09
Permit the "supported_groups" extension in ServerHellos

Although this is forbidden by all three(!) relevant specifications,
there seem to be multiple server implementations in the wild that
send it.  Since we didn't check for unexpected extensions in any
given message type until TLS 1.3 support was added, our previous
behavior was to silently accept these extensions and pass them over
to the custom extension callback (if any).  In order to avoid
regression of functionality, relax the check for "extension in
unexpected context" for this specific case, but leave the protocol
enforcment mechanism unchanged for other extensions and in other
extension contexts.

Leave a detailed comment to indicate what is going on.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4463)
ssl/statem/extensions.c