safe renegotiation: handle case where client didn't send any extension

That was affected by the "don't try to send extensions we didn't receive".

1 files changed, 4 insertions, 0 deletions

diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
index 314c4e2749..1a584182b1 100644
--- a/lib/ext/safe_renegotiation.c
+++ b/lib/ext/safe_renegotiation.c
@@ -60,6 +60,10 @@ _gnutls_ext_sr_finished(gnutls_session_t session, void *vdata,
 					   &epriv);
 	if (ret < 0) {
 		gnutls_assert();
+		/* if a client didn't advertise safe renegotiation, we treat
+		 * it as disabled. */
+		if (session->security_parameters.entity == GNUTLS_SERVER)
+			return 0;
 		return ret;
 	}
 	priv = epriv.ptr;