Server does not send out extensions not advertised by client
diff --git a/ChangeLog b/ChangeLog
index d9f3edb..0487932 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
PolarSSL ChangeLog (Sorted per branch, date)
+= PolarSSL 1.3 branch
+Bugfix
+ * Server does not send out extensions not advertised by client
+
= PolarSSL 1.3.1 released on 2013-10-15
Features
* Support for Brainpool curves and TLS ciphersuites (RFC 7027)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index c682c0a..6654998 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -343,6 +343,13 @@
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
+ * TLS extension flags (for extensions with outgoing ServerHello content
+ * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
+ * of state of the renegotiation flag, so no indicator is required)
+ */
+#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
+
+/*
* Size defines
*/
#if !defined(POLARSSL_MPI_MAX_SIZE)
@@ -546,6 +553,7 @@
int resume; /*!< session resume indicator*/
int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/
+ int cli_exts; /*!< client extension presence*/
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int new_session_ticket; /*!< use NewSessionTicket? */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 5b35b94..9d50175 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1270,6 +1270,7 @@
case TLS_EXT_SUPPORTED_POINT_FORMATS:
SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
+ ssl->handshake->cli_exts |= TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
if( ret != 0 )
@@ -1546,7 +1547,12 @@
unsigned char *p = buf;
((void) ssl);
- *olen = 0;
+ if( ( ssl->handshake->cli_exts &
+ TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 )
+ {
+ *olen = 0;
+ return;
+ }
SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );