Bug 1311701 - Allow unknown extensions in TLS 1.3 NewSessionTicket. r=mt

Reviewers: mt Reviewed By: mt Differential Revision: https://nss-dev.phacility.com/D101
sailfishos-mirror · Oct 20, 2016 · 75198ed · 75198ed
1 parent a8dacae
commit 75198ed
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/external_tests/nss_bogo_shim/config.json b/external_tests/nss_bogo_shim/config.json
@@ -1,6 +1,5 @@
 {
     "DisabledTests": {
-        "TLS13-CustomTicketExtension":"Draft version mismatch (NSS=15, BoGo=14)",
         "FallbackSCSV-VersionMatch":"Draft version mismatch (NSS=15, BoGo=14)",
         "*KeyUpdate*":"KeyUpdate Unimplemented",
         "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",

diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
@@ -3810,9 +3810,10 @@ tls13_ExtensionAllowed(PRUint16 extension, SSL3HandshakeType message)
             break;
     }
     if (i == PR_ARRAY_SIZE(KnownExtensions)) {
-        /* We have never heard of this extension which is OK on
-         * the server but not the client. */
-        return message == client_hello;
+        /* We have never heard of this extension which is OK
+         * in client_hello and new_session_ticket. */
+        return (message == client_hello) ||
+                (message == new_session_ticket);
     }
 
     switch (KnownExtensions[i].status) {