diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/ssl3ext.c | 1 | ||||
-rw-r--r-- | lib/ssl/tls13con.c | 2 | ||||
-rw-r--r-- | lib/ssl/tls13exthandle.c | 9 | ||||
-rw-r--r-- | lib/ssl/tls13exthandle.h | 2 |
4 files changed, 13 insertions, 1 deletions
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c index de7523566..0bc7b955b 100644 --- a/lib/ssl/ssl3ext.c +++ b/lib/ssl/ssl3ext.c @@ -45,6 +45,7 @@ static const ssl3ExtensionHandler clientHelloHandlers[] = { { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, + { ssl_tls13_certificate_authorities_xtn, &tls13_ServerHandleCertAuthoritiesXtn }, { ssl_signature_algorithms_xtn, &ssl3_HandleSigAlgsXtn }, { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn }, { ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn }, diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c index 144731982..fbbc510f1 100644 --- a/lib/ssl/tls13con.c +++ b/lib/ssl/tls13con.c @@ -5654,7 +5654,7 @@ static const struct { certificate) }, { ssl_delegated_credentials_xtn, _M2(client_hello, certificate) }, { ssl_tls13_cookie_xtn, _M2(client_hello, hello_retry_request) }, - { ssl_tls13_certificate_authorities_xtn, _M1(certificate_request) }, + { ssl_tls13_certificate_authorities_xtn, _M2(client_hello, certificate_request) }, { ssl_tls13_supported_versions_xtn, _M3(client_hello, server_hello, hello_retry_request) }, { ssl_record_size_limit_xtn, _M2(client_hello, encrypted_extensions) }, diff --git a/lib/ssl/tls13exthandle.c b/lib/ssl/tls13exthandle.c index 4d24b37d6..4d8c711bd 100644 --- a/lib/ssl/tls13exthandle.c +++ b/lib/ssl/tls13exthandle.c @@ -1217,6 +1217,15 @@ loser: } SECStatus +tls13_ServerHandleCertAuthoritiesXtn(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data) +{ + SSL_TRC(3, ("%d: TLS13[%d]: ignore certificate_authorities extension", + SSL_GETPID(), ss->fd)); + /* NSS ignores certificate_authorities in the ClientHello */ + return SECSuccess; +} + +SECStatus tls13_ServerSendHrrKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, sslBuffer *buf, PRBool *added) { diff --git a/lib/ssl/tls13exthandle.h b/lib/ssl/tls13exthandle.h index fb4a18965..e4247e295 100644 --- a/lib/ssl/tls13exthandle.h +++ b/lib/ssl/tls13exthandle.h @@ -75,6 +75,8 @@ SECStatus tls13_SendCertAuthoritiesXtn(const sslSocket *ss, SECStatus tls13_ClientHandleCertAuthoritiesXtn(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data); +SECStatus tls13_ServerHandleCertAuthoritiesXtn(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data); + SECStatus tls13_ServerHandleCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data); |