author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-01-24 19:13:52 +0000 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-01-24 19:13:52 +0000 |
commit | 6f3fe05234d7ac9b541dd5101ccbae82a596ed16 (patch) | |
tree | 960c2e25b7007da20cc4c4c680c54a6f98fcace1 | |
parent | 49f5837f59a0e08e3818368cad99ab0456b32fc5 (diff) | |
parent | 8409f849969b460b49fc6904b0340d84a2689aeb (diff) | |
Merge branch 'tmp-fix-no-extensions' into 'master'
The %NO_EXTENSIONS flag was disabling extension support while extensions remained functional
See merge request gnutls/gnutls!870
-rw-r--r-- | doc/cha-gtls-app.texi | 3 | ||||
-rw-r--r-- | lib/ext/ext_master_secret.c | 2 | ||||
-rw-r--r-- | lib/ext/safe_renegotiation.c | 3 | ||||
-rw-r--r-- | tests/no-extensions.c | 8 |
4 files changed, 11 insertions, 5 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 393283e0c9..8d5d9b7cfa 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1507,7 +1507,8 @@ with %COMPAT.
 @item %NO_EXTENSIONS
 @tab will prevent the sending of any TLS extensions in client side. Note that TLS 1.2 requires extensions to be used, as well as safe
-renegotiation thus this option must be used with care.
+renegotiation thus this option must be used with care. When this option
+is set with TLS1.3 enabled the session behavior is undefined.
 @item %NO_TICKETS
 @tab will prevent the advertizing of the TLS session ticket extension.
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index bafdd7ebd0..f4843e186f 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -72,6 +72,7 @@ _gnutls_ext_master_secret_recv_params(gnutls_session_t session,
 	ssize_t data_size = _data_size;
 	if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
+	    session->internals.priorities->no_extensions ||
 	    session->internals.no_ext_master_secret != 0) {
 		return 0;
 	}
@@ -104,6 +105,7 @@ _gnutls_ext_master_secret_send_params(gnutls_session_t session,
 			     gnutls_buffer_st * extdata)
 {
 	if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
+	    session->internals.priorities->no_extensions != 0 ||
 	    session->internals.no_ext_master_secret != 0) {
 		session->security_parameters.ext_master_secret = 0;
 		return 0;
diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
index 26d25165bc..8e8798dc5b 100644
--- a/lib/ext/safe_renegotiation.c
+++ b/lib/ext/safe_renegotiation.c
@@ -54,7 +54,8 @@ _gnutls_ext_sr_finished(gnutls_session_t session, void *vdata,
 	sr_ext_st *priv;
 	gnutls_ext_priv_data_t epriv;
-	if (session->internals.priorities->sr == SR_DISABLED) {
+	if (session->internals.priorities->sr == SR_DISABLED ||
+	    session->internals.priorities->no_extensions) {
 		return 0;
 	}
diff --git a/tests/no-extensions.c b/tests/no-extensions.c
index 76e0040dae..9ea03446ed 100644
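Review bot: The two guards added to lib/ext/ext_master_secret.c test the same field in two spellings — `session->internals.priorities->no_extensions ||` in _gnutls_ext_master_secret_recv_params and `session->internals.priorities->no_extensions != 0 ||` in _gnutls_ext_master_secret_send_params; use one form in both places. Both lines also dereference `priorities` without a NULL check, unlike the `session->internals.flags` test beside them, so they rely on every session having a priority set installed before any extension callback runs — verify that holds for sessions created with gnutls_init() and no priority call yet, or guard the pointer. Because this silently leaves the extended master secret (RFC 7627) un-negotiated for the whole session, the send-side branch deserves a why-comment, e.g. `/* %NO_EXTENSIONS: act as if extensions were disabled at init; EMS is not negotiated. */`. Both enclosing functions continue outside the hunk.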
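Review bot: In _gnutls_ext_sr_finished the new early return skips recording the finished verify data whenever `priorities->no_extensions` is set, but nothing in this hunk updates `priorities->sr`, so any other code that consults `sr` to decide whether a renegotiation is safe may still believe the RI extension was negotiated; if the priority parser does not already force `sr` to SR_DISABLED for %NO_EXTENSIONS, that state should be set in one place rather than re-derived here. A one-line comment would make the intent explicit: `/* Without extensions the RI extension is never sent, so there is no verify data to track. */`. The enclosing function continues outside the hunk.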
--- a/tests/no-extensions.c
+++ b/tests/no-extensions.c
@@ -130,7 +130,7 @@ void start(const char *prio)
 					    &server_cert, &server_key, GNUTLS_X509_FMT_PEM);
-	gnutls_init(&server, GNUTLS_SERVER|GNUTLS_NO_EXTENSIONS);
+	gnutls_init(&server, GNUTLS_SERVER);
 	gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
 	assert(gnutls_priority_set_direct(server, prio, NULL)>=0);
@@ -152,7 +152,7 @@ void start(const char *prio)
 	if (ret < 0) exit(1);
-	ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);
+	ret = gnutls_init(&client, GNUTLS_CLIENT);
 	if (ret < 0) exit(1);
@@ -203,5 +203,7 @@ void start(const char *prio)
 void doit(void)
 {
-	start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION");
+	start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS");
+	start("NORMAL:-VERS-ALL:+VERS-TLS1.1:%NO_EXTENSIONS");
+	start("NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_EXTENSIONS");
 }
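Review bot: Dropping `GNUTLS_NO_EXTENSIONS` from both gnutls_init() calls in start() means the test no longer exercises the `session->internals.flags & GNUTLS_NO_EXTENSIONS` branch at all; keep one run with the init flag so both ways of disabling extensions stay covered, e.g. a `start()` variant that takes a flags argument. The new doit() runs the priority string for TLS 1.0–1.2 only, while the documentation hunk declares %NO_EXTENSIONS with TLS 1.3 undefined — a case asserting what happens with `+VERS-TLS1.3` (rejection or a defined outcome) would pin that contract rather than leave it untested. Nothing visible in this hunk checks that the handshake actually omits extensions or that the extended master secret and safe-renegotiation state end up cleared; start() begins outside the hunk and may already do so.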