Prevent both early data and custom extensions from being accepted. This loosens the earlier restriction to match Channel ID. Both may be configured and offered, but the server is obligated to select only one of them. This aligns with the current tokbind + 0-RTT draft where the combination is signaled by a separate extension. Bug: 183 Change-Id: I786102a679999705d399f0091f76da236be091c2 Reviewed-on: https://boringssl-review.googlesource.com/19124 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com>

commit: f4ecc84644789f6533c042dd6596b289d1371f02 [log] [tgz]
author: Steven Valdez <svaldez@google.com> Thu Aug 10 14:02:56 2017 -0400
committer: Steven Valdez <svaldez@google.com> Mon Aug 14 20:15:54 2017 +0000
tree: 972586280b4f94aa8e24a2e0cf3ab53edd97fef0
parent: 78f5e7573902345a9354385739cb3776ab29ae7d [diff] [blame]
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 2b802c4..a3ed8a7 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc

@@ -380,6 +380,8 @@
           hs->early_data_offered &&
           /* Channel ID is incompatible with 0-RTT. */
           !ssl->s3->tlsext_channel_id_valid &&
+          /* Custom extensions is incompatible with 0-RTT. */
+          hs->custom_extensions.received == 0 &&
           /* The negotiated ALPN must match the one in the ticket. */
           ssl->s3->alpn_selected_len == session->early_alpn_len &&
           OPENSSL_memcmp(ssl->s3->alpn_selected, session->early_alpn,
commit	f4ecc84644789f6533c042dd6596b289d1371f02	[log] [tgz]
author	Steven Valdez <svaldez@google.com>	Thu Aug 10 14:02:56 2017 -0400
committer	Steven Valdez <svaldez@google.com>	Mon Aug 14 20:15:54 2017 +0000
tree	972586280b4f94aa8e24a2e0cf3ab53edd97fef0
parent	78f5e7573902345a9354385739cb3776ab29ae7d [diff] [blame]