_gnutls_parse_hello_extensions: enforce that pre-shared-key extension is lasttmp-fix-order-extensions

This is a requirement in draft-ietf-tls-tls13-28 4.2.11 section: The "pre_shared_key" extension MUST be the last extension in the ClientHello (this facilitates implementation as described below). Servers MUST check that it is the last extension and otherwise fail the handshake with an "illegal_parameter" alert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-06-12 10:16:10 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-06-12 10:16:14 +0200
commit: 64abc885ee83884d2ec117ef63ce33ed7404b5b4 (patch)
tree: 53b6428b37dfe670283dcb392bd80cb595e8ce58 /lib/ext/pre_shared_key.c
parent: 739239e33499d350a3fb9697e303fc2d2333d223 (diff)
download: gnutls-tmp-fix-order-extensions.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index dce24d80a1..b12d853af8 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -749,7 +749,7 @@ static int _gnutls_psk_recv_params(gnutls_session_t session,
 
 const hello_ext_entry_st ext_pre_shared_key = {
 	.name = "Pre Shared Key",
-	.tls_id = 41,
+	.tls_id = PRE_SHARED_KEY_TLS_ID,
 	.gid = GNUTLS_EXTENSION_PRE_SHARED_KEY,
 	.parse_type = GNUTLS_EXT_TLS,
 	.validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO,
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-06-12 10:16:10 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-06-12 10:16:14 +0200
commit	64abc885ee83884d2ec117ef63ce33ed7404b5b4 (patch)
tree	53b6428b37dfe670283dcb392bd80cb595e8ce58 /lib/ext/pre_shared_key.c
parent	739239e33499d350a3fb9697e303fc2d2333d223 (diff)
download	gnutls-tmp-fix-order-extensions.tar.gz