author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-07 09:52:32 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-17 13:54:03 +0200 |
commit | f41df13ec8b77414ff8e682d8234c089bd24e7e9 (patch) | |
tree | bf9a12d81c1469c6aefa896393bd95f95cdea7f4 /lib/includes | |
parent | 9c0b15a08a48b72fe63ccd5b046ff9199212d10b (diff) | |
download | gnutls-f41df13ec8b77414ff8e682d8234c089bd24e7e9.tar.gz |
handshake: do not send TLS extensions under DTLS and vice versa [tmp-prohibit-tls-dtls-mix]
That is, introduce the notion of TLS-only and DTLS-only extensions,
providing a framework to prevent sending extensions which are registered
for example for TLS 1.3, under DTLS and vice versa.
Resolves #440
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/includes')
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index b6473b98b5..fd3b07af78 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2761,6 +2761,8 @@ typedef enum {
 * @GNUTLS_EXT_FLAG_EE: This extension can be present in encrypted extensions message
 * @GNUTLS_EXT_FLAG_HRR: This extension can be present in hello retry request message
 * @GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST: When flag is present, this extension will be send even if the server didn't advertise it. An extension of this type is the Cookie TLS1.3 extension.
+ * @GNUTLS_EXT_FLAG_DTLS: This extension can be present under DTLS; otherwise ignored.
+ * @GNUTLS_EXT_FLAG_TLS: This extension can be present under TLS; otherwise ignored.
 *
 * Enumeration of different TLS extension registration flags.
 */
@@ -2771,7 +2773,9 @@ typedef enum {
 GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO = (1<<3),
 GNUTLS_EXT_FLAG_EE = (1<<4), /* ENCRYPTED */
 GNUTLS_EXT_FLAG_HRR = (1<<5),
- GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST = (1<<6)
+ GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST = (1<<6),
+ GNUTLS_EXT_FLAG_TLS = (1<<7),
+ GNUTLS_EXT_FLAG_DTLS = (1<<8)
 } gnutls_ext_flags_t;
 
 /* Register a custom tls extension |
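Review bot: The doc comment for the two new flags does not say what happens to an extension registered with neither `GNUTLS_EXT_FLAG_TLS` nor `GNUTLS_EXT_FLAG_DTLS`, which is what every caller written before this change passes. The code that applies a default is outside this lib/includes view, so from the header alone an application author cannot tell whether such an extension is now allowed under both transports or suppressed under both. I would add a line to the enum's doc block such as ` * If neither %GNUTLS_EXT_FLAG_TLS nor %GNUTLS_EXT_FLAG_DTLS is set, <state the default applied at registration>.`. The phrase "otherwise ignored" should also say whether it covers only sending or also parsing a received extension, because accepting a TLS-only extension from a DTLS peer is the mix the commit message says it wants to prevent.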