tls.c: send missing_extension alert on TLS 1.3 SNI absence#10332
tls.c: send missing_extension alert on TLS 1.3 SNI absence#10332jackctj117 wants to merge 1 commit intowolfSSL:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR adjusts TLS alert behavior in TLSX_SNI_VerifyParse to better align with TLS 1.3 expectations by sending a different fatal alert when SNI is missing or doesn’t match.
Changes:
- For TLS 1.3+, send
missing_extensioninstead ofhandshake_failurewhen SNI is absent. - For TLS 1.3+, also send
missing_extensioninstead ofhandshake_failurewhen SNI hasNO_MATCH. - Preserve
handshake_failurebehavior for pre–TLS 1.3.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| SendAlert(ssl, alert_fatal, | ||
| IsAtLeastTLSv1_3(ssl->version) | ||
| ? missing_extension | ||
| : handshake_failure); |
There was a problem hiding this comment.
missing_extension is intended for cases where a required extension is absent. In this branch, the SNI extension appears to be present but has WOLFSSL_SNI_NO_MATCH, so missing_extension is likely the wrong alert for TLS 1.3+. Consider using an alert that reflects 'name not recognized' (commonly unrecognized_name per RFC 6066) for the NO_MATCH case, and reserve missing_extension for the truly-absent-extension branch.
| SendAlert(ssl, alert_fatal, | ||
| IsAtLeastTLSv1_3(ssl->version) | ||
| ? missing_extension | ||
| : handshake_failure); |
There was a problem hiding this comment.
The TLS-version-dependent alert selection logic is duplicated across both error branches. To reduce repetition and keep future protocol tweaks consistent, consider computing the chosen alert once (e.g., a local int alert = ...) and reusing it in both places, or extracting a small helper for 'SNI required' alert selection.
| SendAlert(ssl, alert_fatal, | ||
| IsAtLeastTLSv1_3(ssl->version) | ||
| ? missing_extension | ||
| : handshake_failure); |
There was a problem hiding this comment.
The TLS-version-dependent alert selection logic is duplicated across both error branches. To reduce repetition and keep future protocol tweaks consistent, consider computing the chosen alert once (e.g., a local int alert = ...) and reusing it in both places, or extracting a small helper for 'SNI required' alert selection.
|
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10332
Scan targets checked: wolfssl-bugs, wolfssl-src
No new issues found in the changed files. ✅
This pull request updates the alert handling logic in the
TLSX_SNI_VerifyParsefunction to improve compliance with TLS 1.3 requirements. Specifically, it changes the type of alert sent when the SNI (Server Name Indication) extension is absent or does not match, sending amissing_extensionalert for TLS 1.3 and above, while maintaining the previous behavior for earlier versions.Alert handling improvements for TLS 1.3:
TLSX_SNI_VerifyParseinsrc/tls.cto send amissing_extensionalert instead ofhandshake_failurewhen the SNI extension is missing or has no match, but only for TLS 1.3 and above. For earlier versions, the function still sendshandshake_failure. [1] [2]