From: Matt Caswell <matt@openssl.org>
Date: Fri, 18 May 2018 08:08:19 +0000 (+0100)
Subject: Don't send a warning alert in TLSv1.3
X-Git-Tag: OpenSSL_1_1_1-pre8~44
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=fb62e47c782397cadf607b92ce50f2bbe250d12e;p=oweals%2Fopenssl.git

Don't send a warning alert in TLSv1.3

TLSv1.3 ignores the alert level, so we should suppress sending of
warning only alerts.

Fixes #6211

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6370)
---

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 8885e5e0d7..496039e3d4 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -984,7 +984,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
         return 0;
 
     case SSL_TLSEXT_ERR_ALERT_WARNING:
-        ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+        /* TLSv1.3 doesn't have warning alerts so we suppress this */
+        if (!SSL_IS_TLS13(s))
+            ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
         return 1;
 
     case SSL_TLSEXT_ERR_NOACK: