summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2017-09-05 12:42:19 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2017-09-05 12:42:19 +0700
commit606dae9bd0682a30fe97de5d03833d16ffbec5d0 (patch)
tree15d1b2c6af567cebefcc5885c4986684bc7e7d38
parentAdd expiry test case to PgpKeyRingTest (diff)
downloadBouncyCastle.NET-ed25519-606dae9bd0682a30fe97de5d03833d16ffbec5d0.tar.xz
Tolerate unexpected ec_point_formats in ServerHello
-rw-r--r--crypto/src/crypto/tls/AbstractTlsClient.cs10
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsClient.cs b/crypto/src/crypto/tls/AbstractTlsClient.cs
index be4702e5e..bddbab87f 100644
--- a/crypto/src/crypto/tls/AbstractTlsClient.cs
+++ b/crypto/src/crypto/tls/AbstractTlsClient.cs
@@ -42,6 +42,16 @@ namespace Org.BouncyCastle.Crypto.Tls
                  */
                 TlsEccUtilities.ReadSupportedEllipticCurvesExtension(extensionData);
                 return true;
+
+            case ExtensionType.ec_point_formats:
+                /*
+                 * Exception added based on field reports that some servers send this even when they
+                 * didn't negotiate an ECC cipher suite. If present, we still require that it is a valid
+                 * ECPointFormatList.
+                 */
+                TlsEccUtilities.ReadSupportedPointFormatsExtension(extensionData);
+                return true;
+
             default:
                 return false;
             }