Stop sending record size limit extension if it's not sent from client
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index c9fddda..36d1c05 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2500,6 +2500,9 @@
size_t extensions_len = 0;
unsigned char *p_extensions_len;
size_t output_len;
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ uint32_t record_size_extension_mask;
+#endif
*out_len = 0;
@@ -2531,12 +2534,15 @@
#endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
- ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
- ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &output_len);
- if (ret != 0) {
- return ret;
+ record_size_extension_mask = mbedtls_ssl_get_extension_mask(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT);
+ if (ssl->handshake->received_extensions | record_size_extension_mask) {
+ ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
+ ssl, p, end, &output_len);
+ if (ret != 0) {
+ return ret;
+ }
+ p += output_len;
}
- p += output_len;
#endif
extensions_len = (p - p_extensions_len) - 2;