summaryrefslogtreecommitdiff
path: root/lib/tls13/session_ticket.c
diff options
context:
space:
mode:
authorDaiki Ueno <dueno@redhat.com>2018-06-01 15:04:49 +0200
committerDaiki Ueno <dueno@redhat.com>2018-06-05 15:01:50 +0200
commitfd8ea5d9d6c3e3fed5bfce325ac7580761bf7645 (patch)
tree6b046f574723883eaed7f45b6c252f3cefa3cfd6 /lib/tls13/session_ticket.c
parent12a62dd105208ff5a1bc2e1c52d095c399dc4893 (diff)
downloadgnutls-tmp-session-ticket-incompatible.tar.gz
tls13/session_ticket: don't send ticket when no common KE modestmp-session-ticket-incompatible
When the server had received psk_key_exchange_modes extension which doesn't have any overlap with the server configuration, omit to send NewSessionTicket. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/tls13/session_ticket.c')
-rw-r--r--lib/tls13/session_ticket.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
index d98475094a..8515b9cb19 100644
--- a/lib/tls13/session_ticket.c
+++ b/lib/tls13/session_ticket.c
@@ -230,6 +230,12 @@ int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned again)
if (session->internals.flags & GNUTLS_NO_TICKETS)
return gnutls_assert_val(0);
+ /* If we received the psk_key_exchange_modes extension which
+ * does not have overlap with the server configuration, don't
+ * send a session ticket */
+ if (session->internals.hsk_flags & HSK_PSK_KE_MODE_INVALID)
+ return gnutls_assert_val(0);
+
if (again == 0) {
memset(&ticket, 0, sizeof(tls13_ticket_t));
View Lorry Controller Status