Fix incompatability with (some) common TLS stack

Several sites including oracle.com seem to send extension 11
(point format) even if we (the client) did not send it. Then the
handshake fails. To workaround this problem, simply always send this
extension as the client, instead of only sending it if we wished to
support compressed points.

1 files changed, 8 insertions, 8 deletions

diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 50c83c10c..2a42e1144 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -116,10 +116,10 @@ Client_Hello::Client_Hello(Handshake_IO& io,
 
    m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
 
-   if(!policy.allowed_ecc_curves().empty() && policy.use_ecc_point_compression())
-   {
-      m_extensions.add(new Supported_Point_Formats());
-   }
+   if(!policy.allowed_ecc_curves().empty())
+      {
+      m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+      }
 
    if(m_version.supports_negotiable_signature_algorithms())
       m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(),
@@ -165,10 +165,10 @@ Client_Hello::Client_Hello(Handshake_IO& io,
    m_extensions.add(new Session_Ticket(session.session_ticket()));
    m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
 
-   if(!policy.allowed_ecc_curves().empty() && policy.use_ecc_point_compression())
-   {
-      m_extensions.add(new Supported_Point_Formats());
-   }
+   if(!policy.allowed_ecc_curves().empty())
+      {
+      m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+      }
 
    if(session.supports_encrypt_then_mac())
       m_extensions.add(new Encrypt_then_MAC);