Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
diff --git a/ChangeLog b/ChangeLog
index 7b14ce8..f3b9de1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,8 @@
* cert_write app should use subject of issuer certificate as issuer of cert
* Fix false reject in padding check in ssl_decrypt_buf() for CBC
ciphersuites, for full SSL frames of data.
+ * Improve interoperability by not writing extension length in ClientHello /
+ ServerHello when no extensions are present (found by Matthew Page)
= PolarSSL 1.3.6 released on 2014-04-11
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0a69f4d..cd0d8c2 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -651,9 +651,12 @@
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
ext_len ) );
- *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( ext_len ) & 0xFF );
- p += ext_len;
+ if( ext_len > 0 )
+ {
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+ p += ext_len;
+ }
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index dee6cd8..acf2ef2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1921,9 +1921,12 @@
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
- *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( ext_len ) & 0xFF );
- p += ext_len;
+ if( ext_len > 0 )
+ {
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+ p += ext_len;
+ }
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
