From 9b7b4db9d7e5734f6c5c2193786c44cf1e273efb Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 27 Sep 2011 16:45:05 +0200
Subject: Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require
 implementations to ignore data following the ClientHello (i.e., extensions)
 if they do not understand them.

Data not following the protocol format for extensions will be
ignored by the last dec_hello_extensions-clause.

OTP-8596
---
 lib/ssl/src/ssl_handshake.erl | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'lib/ssl/src/ssl_handshake.erl')

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 0ac1ba9d66..f873a6a913 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -914,11 +914,12 @@ dec_hello_extensions(<<?UINT16(?RENEGOTIATION_EXT), ?UINT16(Len), Info:Len/binar
 		      end,	    
     dec_hello_extensions(Rest, [{renegotiation_info, 
 			   #renegotiation_info{renegotiated_connection = RenegotiateInfo}} | Acc]);
+
+%% Ignore data following the ClientHello (i.e.,
+%% extensions) if not understood.
 dec_hello_extensions(<<?UINT16(_), ?UINT16(Len), _Unknown:Len/binary, Rest/binary>>, Acc) ->
     dec_hello_extensions(Rest, Acc);
-%% Need this clause?
-%% I don't think we need this clause anymore. It was previously catching parsing errors caused by the missing /binary.
-%% Maybe we should be logging an error somewhere because we really should not be entering this clause.
+%% This theoretically should not happen if the protocol is followed, but if it does it is ignored.
 dec_hello_extensions(_, Acc) ->
     Acc.
 
-- 
cgit v1.2.3