author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-08-03 14:13:14 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-08-07 08:10:18 +0200 |
commit | a288a20ccdf63e6567070964b9b77771898c52d6 (patch) | |
tree | 24dd9dab9d2cfb5109cb4286c58f4c7b3be0cb06 /lib/handshake.c | |
parent | 08c29434308232863ec71fea15913dd9fe0a9b0c (diff) | |
download | gnutls-a288a20ccdf63e6567070964b9b77771898c52d6.tar.gz |
Ensure we are sending the right protocol version on second client hello
That is, when we respond to a Hello Retry Request as client, we put
the TLS1.2 version on the second client hello to send a hello that is
as close as possible to the original hello. That effectively separates
the handling of TLS1.2 rehandshake and TLS1.3 hello retry request
when sending a client hello.
Resolves #535
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/handshake.c')
-rw-r--r-- | lib/handshake.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/handshake.c b/lib/handshake.c index 7274bafebd..2c7524016e 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -1991,12 +1991,13 @@ static int send_client_hello(gnutls_session_t session, int again) uint8_t session_id_len = session->internals.resumed_security_parameters.session_id_size; - /* note that rehandshake is different than resuming - */ - if (session->security_parameters.session_id_size) - rehandshake = 1; if (again == 0) { + /* note that rehandshake is different than resuming + */ + if (session->internals.initial_negotiation_completed) + rehandshake = 1; + ret = _gnutls_buffer_init_handshake_mbuffer(&extdata); if (ret < 0) return gnutls_assert_val(ret); |
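Review bot: The comment moved above the new `if (session->internals.initial_negotiation_completed)` check still only says that rehandshake differs from resuming, and gives no reason for replacing the old `session->security_parameters.session_id_size` test. Per the commit message, the intent is that the second client hello sent in response to a Hello Retry Request is not handled as a TLS1.2 rehandshake; say that in the comment so the condition is not later reverted to a session-id check. Separately, `rehandshake` is now assigned only inside `if (again == 0)`. The visible lines do not show whether it is read after that block, so confirm that no path entered with `again != 0` depends on its value.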