Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a struct {} (empty) not an array of length zero.
This commit is contained in:
parent
c73079a78c
commit
a70366317d
3 changed files with 14 additions and 6 deletions
|
@ -18,6 +18,8 @@ Bugfix
|
|||
* cert_write app should use subject of issuer certificate as issuer of cert
|
||||
* Fix false reject in padding check in ssl_decrypt_buf() for CBC
|
||||
ciphersuites, for full SSL frames of data.
|
||||
* Improve interoperability by not writing extension length in ClientHello /
|
||||
ServerHello when no extensions are present (found by Matthew Page)
|
||||
|
||||
= PolarSSL 1.3.6 released on 2014-04-11
|
||||
|
||||
|
|
|
@ -651,9 +651,12 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
||||
ext_len ) );
|
||||
|
||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
||||
p += ext_len;
|
||||
if( ext_len > 0 )
|
||||
{
|
||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
||||
p += ext_len;
|
||||
}
|
||||
|
||||
ssl->out_msglen = p - buf;
|
||||
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
||||
|
|
|
@ -1921,9 +1921,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
|||
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
|
||||
|
||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
||||
p += ext_len;
|
||||
if( ext_len > 0 )
|
||||
{
|
||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
|
||||
p += ext_len;
|
||||
}
|
||||
|
||||
ssl->out_msglen = p - buf;
|
||||
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
||||
|
|
Loading…
Reference in a new issue