From: Matt Caswell Date: Tue, 16 May 2017 11:04:00 +0000 (+0100) Subject: Allow a missing sig algs extension if resuming X-Git-Tag: OpenSSL_1_1_1-pre1~1496 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=108d45df737f5b0a4842de02c3f8ff1b9b07306f;p=oweals%2Fopenssl.git Allow a missing sig algs extension if resuming The current TLSv1.3 spec says: 'If a server is authenticating via a certificate and the client has not sent a "signature_algorithms" extension, then the server MUST abort the handshake with a "missing_extension" alert (see Section 8.2).' If we are resuming then we are not "authenticating via a certificate" but we were still aborting with the missing_extension alert if sig algs was missing. This commit ensures that we only send the alert if we are not resuming. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3478) --- diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index fd76337564..68d8cea0bd 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1081,7 +1081,7 @@ static int init_srtp(SSL *s, unsigned int context) static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al) { - if (!sent && SSL_IS_TLS13(s)) { + if (!sent && SSL_IS_TLS13(s) && !s->hit) { *al = TLS13_AD_MISSING_EXTENSION; SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION); return 0;
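Review bot: the added `!s->hit` term in `final_sig_algs` is only correct if `s->hit` has already been set by the time the final_* pass runs, which means the pre_shared_key extension must have been fully processed (and the offered PSK accepted) before this function is reached; the hunk does not show that ordering, so it is worth confirming rather than assuming. A short comment on the condition quoting the spec wording ("authenticating via a certificate") would also make the intent of skipping the `TLS13_AD_MISSING_EXTENSION` alert on resumption clear to a later reader, and since the missing-extension path is now conditional, a test that sends a TLSv1.3 resumption ClientHello without signature_algorithms (and one that attempts resumption but falls back to a full handshake, where `s->hit` stays clear and the alert must still fire) would be a welcome addition to this change.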