Commit a7036631 authored by Paul Bakker's avatar Paul Bakker
Browse files

Improve interop by not writing ext_len in ClientHello / ServerHello when 0

The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
parent c73079a7
......@@ -18,6 +18,8 @@ Bugfix
* cert_write app should use subject of issuer certificate as issuer of cert
* Fix false reject in padding check in ssl_decrypt_buf() for CBC
ciphersuites, for full SSL frames of data.
* Improve interoperability by not writing extension length in ClientHello /
ServerHello when no extensions are present (found by Matthew Page)
= PolarSSL 1.3.6 released on 2014-04-11
......
......@@ -651,9 +651,12 @@ static int ssl_write_client_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
ext_len ) );
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
if( ext_len > 0 )
{
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
}
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
......
......@@ -1921,9 +1921,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
if( ext_len > 0 )
{
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
}
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment