From 3293bcf7c592590a2d4b34dd11485cd1836fd475 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sun, 17 Jul 2022 14:41:27 +0000
Subject: [PATCH] Correct TLSEXT_TYPE_quic_transport_parameters message types.

Per RFC 9001, TLSEXT_TYPE_quic_transport_parameters may only appear in
ClientHello and EncryptedExtensions (not ServerHello).

ok beck@ tb@
---
 lib/libssl/ssl_tlsext.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index fa1eef35874..a7c8f2d61d0 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.119 2022/07/02 16:31:04 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.120 2022/07/17 14:41:27 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2245,7 +2245,7 @@ static const struct tls_extension tls_extensions[] = {
 #endif /* OPENSSL_NO_SRTP */
 	{
 		.type = TLSEXT_TYPE_quic_transport_parameters,
-		.messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
+		.messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
 		.client = {
 			.needs = tlsext_quic_transport_parameters_client_needs,
 			.build = tlsext_quic_transport_parameters_client_build,
-- 
2.20.1