MFC: Correct TLS extensions handling when no extensions are present.

If no TLS extensions are present in a client hello or server hello, omit
the entire extensions block, rather than including it with a length of
zero.

ok beck@ inoguchi@

Thanks to Eric Elena <eric at voguemerry dot com> for providing packet
captures and testing the fix.

1 files changed, 7 insertions, 1 deletions

diff --git a/src/lib/libssl/bytestring.h b/src/lib/libssl/bytestring.h
index d8c8e6ada6..42d3d5d6d1 100644
--- a/src/lib/libssl/bytestring.h
+++ b/src/lib/libssl/bytestring.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bytestring.h,v 1.15 2016/11/04 18:28:58 guenther Exp $        */
+/*      $OpenBSD: bytestring.h,v 1.15.6.1 2017/12/09 13:43:25 jsing Exp $       */
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -394,6 +394,12 @@ int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
 int CBB_flush(CBB *cbb);
 
 /*
+ * CBB_discard_child discards the current unflushed child of |cbb|. Neither the
+ * child's contents nor the length prefix will be included in the output.
+ */
+void CBB_discard_child(CBB *cbb);
+
+/*
  * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
  * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
  * length. It returns one on success or zero on error.