ERL-975: ssl:handshake/1 crashes for some client hello extensions

[OTP-Maintainer]

Original reporter: sg2342
Affected version: OTP-22.0.3
Fixed in version: OTP-22.0.4
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-975

---

the fix for ERL-887  (PR-2269) uses ssl_handshake:extension_value/1 to convert the internal
representation of the handshake state to a protocol_extensions() map.

If handshake_completion() is hello, ssl:handshake will crash whenever a client hello has extensions not covered by a ssl_handshake:extension_value/1 clause (for example client_hello_versions, key_share_client_hello, signature_algorithms).

[OTP-Maintainer]

ingela said:

Oh, that was bad.  We are planning to remove the internal records as they are not needed when we have the map but, but for now we did not want to leak internal data structures, alas TLS-1.3
support is so new that it is not yet enabled in all test. We will fix. 

[OTP-Maintainer]

peterdmv said:

I have uploaded a patch. Can you verify if it fixes this issue? Thanks!

[OTP-Maintainer]

sg2342 said:

The patch does fix the issue for me.

But the duplicate clause for supported_groups should be removed.

[OTP-Maintainer]

sg2342 said:

I reopen this issue because a *psk_key_exchange_modes* extension that might be included in (tls 1.2 and tls 1.3) client hello messages is not handled in ssl_handshake:extension_value/1.

In 22.1.7 a ssl server with handshake_completion set to hello will crash upon reception of a tls 1.2 client hello sent by firefox 60 or chrome 70.

[OTP-Maintainer]

peterdmv said:

The new issue is already reported in ERL-1095 and we will handle it in the new Jira case. As we would like to keep the original Jira case intact due to traceability, I'm closing this issue unchanged.