commit 1e4ae00ac2beb893aa59b9a98eb70908332904ba
author David Benjamin <davidben@google.com> Fri Mar 25 18:56:10 2016 -0400
committer David Benjamin <davidben@google.com> Tue Mar 29 00:46:05 2016 +0000
tree a35076578624a30e51c1deca17f3b6de476ad846
parent 44477c03b96d2ca8f25111ef25e71e6405ee4f22

Add a comment about final empty extension intolerance.

We reordered extensions some time ago to ensure a non-empty extension was last,
but the comment was since lost (or I forgot to put one in in the first place).
Add one now so we don't regress.

Change-Id: I2f6e2c3777912eb2c522a54bbbee579ee37ee58a
Reviewed-on: https://boringssl-review.googlesource.com/7570
Reviewed-by: David Benjamin <davidben@google.com>

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8facdd3..1d4565f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2037,6 +2037,9 @@
     ext_ec_point_parse_clienthello,
     ext_ec_point_add_serverhello,
   },
+  /* The final extension must be non-empty. WebSphere Application Server 7.0 is
+   * intolerant to the last extension being zero-length. See
+   * https://crbug.com/363583. */
   {
     TLSEXT_TYPE_elliptic_curves,
     ext_ec_curves_init,
@@ -2123,9 +2126,10 @@
        * NB: because this code works out the length of all existing extensions
        * it MUST always appear last. */
       size_t padding_len = 0x200 - header_len;
-      /* Extensions take at least four bytes to encode. Always include least
+      /* Extensions take at least four bytes to encode. Always include at least
        * one byte of data if including the extension. WebSphere Application
-       * Server 7.0 is intolerant to the last extension being zero-length. */
+       * Server 7.0 is intolerant to the last extension being zero-length. See
+       * https://crbug.com/363583. */
       if (padding_len >= 4 + 1) {
         padding_len -= 4;
       } else {