author | Dr. Stephen Henson <steve@openssl.org> | 2010-11-25 12:28:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-11-25 12:28:28 +0000 |
commit | 1684846f5451f1048b71bcdf40c8ed0336d1695e (patch) | |
tree | d85580950008bc44d8d7bff674c4e46cdbfe650c /ssl | |
parent | dde6d9520ce58798149bc0b9920ba1d8971ea86c (diff) |
PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve
As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f28142b34e..5cdd7e572a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1452,23 +1452,20 @@ int ssl_check_serverhello_tlsext(SSL *s)
 int al = SSL_AD_UNRECOGNIZED_NAME;
 #ifndef OPENSSL_NO_EC
- /* If we are client and using an elliptic curve cryptography cipher suite, then server
- * must return a an EC point formats lists containing uncompressed.
+ /* If we are client and using an elliptic curve cryptography cipher
+ * suite, then if server returns an EC point formats lists extension
+ * it must contain uncompressed.
 */
 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
+ (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
 {
 /* we are using an ECC cipher */
 size_t i;
 unsigned char *list;
 int found_uncompressed = 0;
- if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
- {
- SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
- return -1;
- }
 list = s->session->tlsext_ecpointformatlist;
 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
 {
|
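Review bot: The added guard `(s->session->tlsext_ecpointformatlist_length > 0)` lets a present-but-empty point-format list skip the uncompressed check exactly like an absent extension, where the removed block returned SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST. RFC 4492 excuses only absence, and its ec_point_format_list has a minimum length of 1, so an empty list is malformed rather than equivalent to uncompressed-only. Unless the ServerHello parser (not visible here) already rejects a zero-length list, test presence alone with `(s->session->tlsext_ecpointformatlist != NULL) &&`, so an empty list runs the search loop zero times and presumably reaches the not-found error path. That path lies below the hunk, since the body of ssl_check_serverhello_tlsext continues outside it, and should be confirmed. The comment could also state the reason absence is accepted, e.g. `An absent extension is treated as uncompressed only (RFC 4492).`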