WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix trusted_ca_keys extension allowed logic.

pull/6528/head
Kareem 2023-06-13 14:20:34 -07:00
parent 8473275fc6
commit 75c8d87353
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/tls.c
View File

@ -13203,15 +13203,16 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
/* RFC 8446 4.2.4 states trusted_ca_keys is not used
in TLS 1.3. */
if (IsAtLeastTLSv1_3(ssl->version)) { if (IsAtLeastTLSv1_3(ssl->version)) {
if (msgType != client_hello && return EXT_NOT_ALLOWED;
msgType != encrypted_extensions)
return EXT_NOT_ALLOWED;
} }
else else
#endif #endif
{ {
if (msgType != client_hello) if (msgType != client_hello &&
msgType != server_hello)
return EXT_NOT_ALLOWED; return EXT_NOT_ALLOWED;
} }
ret = TCA_PARSE(ssl, input + offset, size, isRequest); ret = TCA_PARSE(ssl, input + offset, size, isRequest);