Allow trusted_ca_keys with TLSv1.3

LinuxJedi · LinuxJedi · commit 5e6cb2b0b66a · 2025-06-09T08:31:54.000+01:00
It is possible that the client will provied `trusted_ca_keys` during a
TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with
`EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and
should be ignored.

ZD 19936
diff --git a/src/tls.c b/src/tls.c
@@ -16149,7 +16149,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
                 /* RFC 8446 4.2.4 states trusted_ca_keys is not used
                    in TLS 1.3. */
                 if (IsAtLeastTLSv1_3(ssl->version)) {
-                    return EXT_NOT_ALLOWED;
+                    break;
                 }
                 else
 #endif
diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf
@@ -51,7 +51,7 @@
 -v 3
 -H exitWithRet
 
-# server TLSv1.2 
+# server TLSv1.2
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -H exitWithRet
@@ -60,7 +60,7 @@
 -v 4
 -H exitWithRet
 
-# server TLSv1.2 
+# server TLSv1.2
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -H exitWithRet
@@ -119,3 +119,10 @@
 -7 3
 -s
 -l ECDHE-PSK-AES128-GCM-SHA256
+
+# server TLSv1.3
+-v 4
+
+# client downgrade with trusted ca
+-v d
+-5

Original file line number	Diff line number	Diff line change
`@@ -16149,7 +16149,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,`
`16149`	`16149`	`/* RFC 8446 4.2.4 states trusted_ca_keys is not used`
`16150`	`16150`	`in TLS 1.3. */`
`16151`	`16151`	`if (IsAtLeastTLSv1_3(ssl->version)) {`
`16152`		`- return EXT_NOT_ALLOWED;`
	`16152`	`+ break;`
`16153`	`16153`	`}`
`16154`	`16154`	`else`
`16155`	`16155`	`#endif`