authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-10-17 14:53:47 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-10-30 13:06:52 +0100
commita18258dc7b29f95cd54fa05d16e11e004774c26e (patch)
tree7ce711115ffbf3116edb3f84bfe8ddff3e4162a4 /lib
parentfd3be4ac1dcc9493eece19db7e3a6f58c1f62776 (diff)
downloadgnutls-a18258dc7b29f95cd54fa05d16e11e004774c26e.tar.gz
gnutls_priority_set: do not override the version after handshake is complete
When an application re-set priorities prior to a rehandshake, we would override the negotiated version with the highest supported one, which may lead to issues. This disables that unnecessary version override. See: https://bugzilla.redhat.com/show_bug.cgi?id=1634736 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/priority.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 17049d5327..16d86d64e4 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -591,11 +591,13 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
session->internals.priorities = priority;
gnutls_atomic_increment(&priority->usage_cnt);
- /* set the current version to the first in the chain.
- * This will be overridden later.
- */
+ /* set the current version to the first in the chain, if this is
+ * the call before the initial handshake. During a re-handshake
+ * we do not set the version to avoid overriding the currently
+ * negotiated version. */
if (session->internals.priorities->protocol.num_priorities > 0 &&
- !session->internals.handshake_in_progress) {
+ !session->internals.handshake_in_progress &&
+ !session->internals.initial_negotiation_completed) {
if (_gnutls_set_current_version(session,
session->internals.priorities->
protocol.priorities[0]) < 0) {
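Review bot: With the added `!session->internals.initial_negotiation_completed` test, nothing in this hunk checks that the already-negotiated version is still listed in the new `priority` once the version reset is skipped. An application that calls gnutls_priority_set() to tighten its protocol list before a rehandshake would presumably keep the old version as the current one until the rehandshake renegotiates it; whether that path enforces the new list is not visible here. The new comment should state that expectation, e.g. `* The negotiated version is kept even if the new priorities no longer list it; the re-handshake must enforce the new list.` A regression test that changes priorities between the initial handshake and a rehandshake would pin this behaviour, if the commit does not already add one outside lib/. The body of gnutls_priority_set starts and continues outside the hunk.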