fix exception during DTLS server handshake when the client has no extensions

2 files changed, 2 insertions, 2 deletions

diff --git a/crypto/Contributors.html b/crypto/Contributors.html

index 2f9bb6a22..7764cac94 100644
--- a/crypto/Contributors.html
+++ b/crypto/Contributors.html
@@ -278,7 +278,7 @@ University of Wollongong, Institute of Cybersecurity and Cryptology, under the s
 			<p>Daniel Bleichenbacher - Fixed rounding issue in FF1. Reported incompatible RFC 3394 wrapping of 64 bit keys.</p>
 		</li>
 		<li>
-			<p>Patrick (https://github.com/patagonaa) - Initial PR for DTLS Connection ID support (RFC 9146). PR to make DTLS initial resend timeout configurable.</p>
+			<p>Patrick (https://github.com/patagonaa) - Initial PR for DTLS Connection ID support (RFC 9146). Fixed NPE in connection ID code. PR to make DTLS initial resend timeout configurable.</p>
 		</li>
 		<li>
 			<p>Anh Vo (https://github.com/anhvoms) - Ported OpenSSH utilities from bc-java.</p>
diff --git a/crypto/src/tls/AbstractTlsServer.cs b/crypto/src/tls/AbstractTlsServer.cs

index 9f107d905..352002fbf 100644
--- a/crypto/src/tls/AbstractTlsServer.cs
+++ b/crypto/src/tls/AbstractTlsServer.cs
@@ -604,7 +604,7 @@ namespace Org.BouncyCastle.Tls
                  * RFC 9146 3. When a DTLS session is resumed or renegotiated, the "connection_id" extension is
                  * negotiated afresh.
                  */
-                if (m_clientExtensions.ContainsKey(ExtensionType.connection_id))
+                if (m_clientExtensions != null && m_clientExtensions.ContainsKey(ExtensionType.connection_id))
                 {
                     var serverConnectionID = GetNewConnectionID();
                     if (serverConnectionID != null)