Improve interop by not writing ext_len in ClientHello / ServerHello when 0

The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
This commit is contained in:
Paul Bakker 2014-04-30 10:15:38 +02:00
parent c73079a78c
commit a70366317d
3 changed files with 14 additions and 6 deletions

View file

@ -18,6 +18,8 @@ Bugfix
* cert_write app should use subject of issuer certificate as issuer of cert
* Fix false reject in padding check in ssl_decrypt_buf() for CBC
ciphersuites, for full SSL frames of data.
* Improve interoperability by not writing extension length in ClientHello /
ServerHello when no extensions are present (found by Matthew Page)
= PolarSSL 1.3.6 released on 2014-04-11

View file

@ -651,9 +651,12 @@ static int ssl_write_client_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
ext_len ) );
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
if( ext_len > 0 )
{
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
}
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;

View file

@ -1921,9 +1921,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
if( ext_len > 0 )
{
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
}
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;