authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-08-03 14:13:14 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-08-07 08:10:18 +0200
commita288a20ccdf63e6567070964b9b77771898c52d6 (patch)
tree24dd9dab9d2cfb5109cb4286c58f4c7b3be0cb06 /lib/handshake.c
parent08c29434308232863ec71fea15913dd9fe0a9b0c (diff)
Ensure we are sending the right protocol version on second client hello
That is, when we respond to a Hello Retry Request as a client, we put the TLS1.2 version on the second client hello to send a hello that is as close as possible to the original hello. That effectively separates the handling of TLS1.2 rehandshake and TLS1.3 hello retry request when sending a client hello.

Resolves #535

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/handshake.c')
-rw-r--r--lib/handshake.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index 7274bafebd..2c7524016e 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1991,12 +1991,13 @@ static int send_client_hello(gnutls_session_t session, int again)
uint8_t session_id_len =
session->internals.resumed_security_parameters.session_id_size;
- /* note that rehandshake is different than resuming
- */
- if (session->security_parameters.session_id_size)
- rehandshake = 1;
if (again == 0) {
+ /* note that rehandshake is different than resuming
+ */
+ if (session->internals.initial_negotiation_completed)
+ rehandshake = 1;
+
ret = _gnutls_buffer_init_handshake_mbuffer(&extdata);
if (ret < 0)
return gnutls_assert_val(ret);
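Review bot: The comment moved into the `again == 0` branch still only says that rehandshake differs from resuming; it does not say why the flag is now keyed on `session->internals.initial_negotiation_completed` instead of a non-zero `session_id_size`. Going by the commit message, a ClientHello sent in answer to a Hello Retry Request must not be handled as a TLS1.2 rehandshake, and that invariant is worth stating next to the check, e.g. `/* rehandshake only after a completed handshake; a ClientHello answering a Hello Retry Request is not one and repeats the original hello's version */`. The declaration of `rehandshake` and its later uses lie outside the hunk, so it should be confirmed that it is initialised to 0 and is not read on the `again != 0` path. A regression test asserting the version field of the second ClientHello would pin this behaviour; the diffstat shown is limited to lib/handshake.c, so one may already exist elsewhere in the commit.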