Restore compatibility with GOST2001 implementations.

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7985)
author: Dmitry Belyavskiy <beldmit@gmail.com> 2019-01-04 18:38:29 +0100
committer: Matt Caswell <matt@openssl.org> 2019-01-06 11:15:39 +0100
commit: 673e0bbbe4b9cbd19a247c0b18c171bb0421915a (patch)
tree: 886a7a697f46f6fba367f943605571f83f367812 /ssl
parent: Fix no-sock (diff)
download: openssl-673e0bbbe4b9cbd19a247c0b18c171bb0421915a.tar.xz
openssl-673e0bbbe4b9cbd19a247c0b18c171bb0421915a.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index c5492184f7..ffa4b460f7 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -623,7 +623,12 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
                 && type != TLSEXT_TYPE_cookie
                 && type != TLSEXT_TYPE_renegotiate
                 && type != TLSEXT_TYPE_signed_certificate_timestamp
-                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {
+                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
+#ifndef OPENSSL_NO_GOST
+                && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+                     && type == TLSEXT_TYPE_cryptopro_bug)
+#endif
+								) {
             SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
                      SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
             goto err;
author	Dmitry Belyavskiy <beldmit@gmail.com>	2019-01-04 18:38:29 +0100
committer	Matt Caswell <matt@openssl.org>	2019-01-06 11:15:39 +0100
commit	673e0bbbe4b9cbd19a247c0b18c171bb0421915a (patch)
tree	886a7a697f46f6fba367f943605571f83f367812 /ssl
parent	Fix no-sock (diff)
download	openssl-673e0bbbe4b9cbd19a247c0b18c171bb0421915a.tar.xz openssl-673e0bbbe4b9cbd19a247c0b18c171bb0421915a.zip