Prevent Channel ID and Custom Extensions on 0-RTT.
Channel ID is incompatible with 0-RTT, so we gracefully decline 0-RTT
as a server and forbid their combination as a client. We'll keep this
logic around until Channel ID is removed.
Channel ID will be replaced by tokbind which currently uses custom
extensions. Those will need additional logic to work with 0-RTT.
This is not implemented yet so, for now, fail if both are ever
configured together at all. A later change will allow the two to
combine.
BUG=183
Change-Id: I46c5ba883ccd47930349691fb08074a1fab13d5f
Reviewed-on: https://boringssl-review.googlesource.com/14370
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index 9f586f5..0d60661 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -365,6 +365,10 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_ALPN_MISMATCH_ON_EARLY_DATA);
return ssl_hs_error;
}
+ if (ssl->s3->tlsext_channel_id_valid) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_ON_EARLY_DATA);
+ return ssl_hs_error;
+ }
}
/* Release offered session now that it is no longer needed. */
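Review bot: The new check sits after the early-data ALPN mismatch check, i.e. at the point where the client is reacting to the server's handshake messages, so a Channel ID client that was configured for 0-RTT will already have offered early data before `ssl->s3->tlsext_channel_id_valid` is consulted and the handshake is then aborted with `SSL_R_CHANNEL_ID_ON_EARLY_DATA`. The commit message says the client "forbid[s] their combination", which reads as a configuration-time rule; if the intent is that the combination never reaches the wire, the guard belongs where the client decides whether to offer early data, with this check kept only as a defensive backstop. Also worth confirming that `SSL_R_CHANNEL_ID_ON_EARLY_DATA` is defined and listed in the error string table in the same change, since this hunk only uses it, and that the server-side "gracefully decline 0-RTT" path and the custom-extension refusal described in the message are covered by hunks not shown here.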