diff --git a/ChangeLog b/ChangeLog index 7b14ce8c4..f3b9de1a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,8 @@ Bugfix * cert_write app should use subject of issuer certificate as issuer of cert * Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites, for full SSL frames of data. + * Improve interoperability by not writing extension length in ClientHello / + ServerHello when no extensions are present (found by Matthew Page) = PolarSSL 1.3.6 released on 2014-04-11 diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 0a69f4d37..cd0d8c2a7 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -651,9 +651,12 @@ static int ssl_write_client_hello( ssl_context *ssl ) SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d", ext_len ) ); - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); - p += ext_len; + if( ext_len > 0 ) + { + *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + p += ext_len; + } ssl->out_msglen = p - buf; ssl->out_msgtype = SSL_MSG_HANDSHAKE; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index dee6cd8ab..acf2ef24c 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1921,9 +1921,12 @@ static int ssl_write_server_hello( ssl_context *ssl ) SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); - p += ext_len; + if( ext_len > 0 ) + { + *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + p += ext_len; + } ssl->out_msglen = p - buf; ssl->out_msgtype = SSL_MSG_HANDSHAKE;