Diffstat (limited to 'lib/ssl/tls13con.c')
-rw-r--r-- | lib/ssl/tls13con.c | 25 |
1 files changed, 1 insertions, 24 deletions
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
index 5f24f4d43..23fe279a8 100644
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -5063,8 +5063,6 @@ loser:
 static SECStatus
 tls13_FinishHandshake(sslSocket *ss)
 {
- /* If |!echHpkeCtx|, any advertised ECH was GREASE ECH. */
- PRBool offeredEch = !ss->sec.isServer && ss->ssl3.hs.echHpkeCtx;
 PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
 PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 PORT_Assert(ss->ssl3.hs.restartTarget == NULL);
@@ -5080,28 +5078,7 @@ tls13_FinishHandshake(sslSocket *ss)
 TLS13_SET_HS_STATE(ss, idle_handshake);
- PORT_Assert(ss->ssl3.hs.echAccepted ||
- (ss->opt.enableTls13BackendEch &&
- ss->xtnData.ech &&
- ss->xtnData.ech->receivedInnerXtn) ==
- ssl3_ExtensionNegotiated(ss, ssl_tls13_encrypted_client_hello_xtn));
- if (offeredEch && !ss->ssl3.hs.echAccepted) {
- SSL3_SendAlert(ss, alert_fatal, ech_required);
-
- /* "If [one, none] of the retry_configs contains a supported version, the client can
- * regard ECH as securely [replaced, disabled] by the server." */
- if (ss->xtnData.ech && ss->xtnData.ech->retryConfigs.len) {
- PORT_SetError(SSL_ERROR_ECH_RETRY_WITH_ECH);
- ss->xtnData.ech->retryConfigsValid = PR_TRUE;
- } else {
- PORT_SetError(SSL_ERROR_ECH_RETRY_WITHOUT_ECH);
- }
- return SECFailure;
- }
-
- ssl_FinishHandshake(ss);
-
- return SECSuccess;
+ return ssl_FinishHandshake(ss);
 }
 /* Do the parts of sending the client's second round that require |
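Review bot: After the second hunk, nothing visible in tls13_FinishHandshake fails the handshake when a client offered real (non-GREASE) ECH and the server did not accept it; the `offeredEch && !ss->ssl3.hs.echAccepted` branch that sent `ech_required` and returned SECFailure is gone. The diffstat is limited to this file, so the replacement check is not shown; presumably it now lives in `ssl_FinishHandshake`, whose result is returned here, but that should be confirmed, because without it the client would silently complete on the outer ClientHello. A comment at the new return would keep the fail-closed requirement discoverable, e.g. `/* ECH rejection (ech_required, retry_configs) is handled in ssl_FinishHandshake; it must fail the handshake. */`. It is also worth checking that the relocated code still sets `retryConfigsValid` only after the server has been authenticated, and that the dropped `PORT_Assert` tying `echAccepted` to the negotiated extension is kept alongside it. The function body starts before the first hunk and continues between the two hunks.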