From 0430328e628d2e17fc7eca9e1ff131bfc3398cba Mon Sep 17 00:00:00 2001
From: bcook <>
Date: Wed, 19 Aug 2015 23:34:34 +0000
Subject: Properly handle missing TLS extensions in client hello as a non-failure. Noticed by @Ligushka from github. ok miod@, doug@
---
 src/lib/libssl/src/ssl/t1_lib.c | 4 +++-
 src/lib/libssl/t1_lib.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 9ee495c790..b892fa9b91 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.82 2015/07/24 07:57:48 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.83 2015/08/19 23:34:34 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2087,6 +2087,8 @@ tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
 return -1;
 /* Now at start of extensions */
+ if (CBS_len(&session_id) == 0)
+ return 0;
 if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
 return -1;
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 9ee495c790..b892fa9b91 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.82 2015/07/24 07:57:48 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.83 2015/08/19 23:34:34 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2087,6 +2087,8 @@ tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
 return -1;
 /* Now at start of extensions */
+ if (CBS_len(&session_id) == 0)
+ return 0;
 if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
 return -1;
-- cgit v1.2.3-55-g6feb
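Review bot: The new early return under `/* Now at start of extensions */` carries no comment explaining why an exhausted buffer is a success path, and it tests a CBS still named `session_id` although, going by that comment, it is by then the cursor over the remainder of the ClientHello. I would add `/* Extensions are optional in a ClientHello; nothing left to parse means no ticket was offered. */` above the `CBS_len()` check, here and in the identical hunk for src/lib/libssl/t1_lib.c. The meaning of the 0 return is defined outside the hunk (tls1_process_ticket starts and ends beyond it), so it is worth confirming that callers treat it as "no ticket, fall back to session-ID lookup" rather than as a resumption result. The diffstat shows only the two t1_lib.c copies changing, so a regression case with a ClientHello that ends right after the compression methods would pin this path; a single trailing byte still fails in `CBS_get_u16_length_prefixed()` and returns -1, which looks like the intended strictness.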