From 829a175777a008e2d7293b56bb0b6fb5056b0d29 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 17 Jul 2022 14:41:27 +0000
Subject: Correct TLSEXT_TYPE_quic_transport_parameters message types.

Per RFC 9001, TLSEXT_TYPE_quic_transport_parameters may only appear in
ClientHello and EncryptedExtensions (not ServerHello).

ok beck@ tb@
---
 src/lib/libssl/ssl_tlsext.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index fa1eef3587..a7c8f2d61d 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.119 2022/07/02 16:31:04 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.120 2022/07/17 14:41:27 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2245,7 +2245,7 @@ static const struct tls_extension tls_extensions[] = {
 #endif /* OPENSSL_NO_SRTP */
 	{
 		.type = TLSEXT_TYPE_quic_transport_parameters,
-		.messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
+		.messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
 		.client = {
 			.needs = tlsext_quic_transport_parameters_client_needs,
 			.build = tlsext_quic_transport_parameters_client_build,
-- 
cgit v1.2.3-55-g6feb