tls13/session_ticket: don't send ticket when no common KE modes

When the server had received psk_key_exchange_modes extension which doesn't have any overlap with the server configuration, omit to send NewSessionTicket. Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2018-06-01 15:04:49 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-06-05 14:10:18 +0000
commit: 6e7c50781d0c3d6cf831b48038013a6c7a4bda89 (patch)
tree: 2c3f587f4c0fd8751eacfddba436622b81017c1d /lib/tls13
parent: 7e25c14eab5a6cb289de59044771ff2924cf72cb (diff)
download: gnutls-6e7c50781d0c3d6cf831b48038013a6c7a4bda89.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
index d98475094a..8515b9cb19 100644
--- a/lib/tls13/session_ticket.c
+++ b/lib/tls13/session_ticket.c
@@ -230,6 +230,12 @@ int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned again)
 	if (session->internals.flags & GNUTLS_NO_TICKETS)
 		return gnutls_assert_val(0);
 
+	/* If we received the psk_key_exchange_modes extension which
+	 * does not have overlap with the server configuration, don't
+	 * send a session ticket */
+	if (session->internals.hsk_flags & HSK_PSK_KE_MODE_INVALID)
+		return gnutls_assert_val(0);
+
 	if (again == 0) {
 		memset(&ticket, 0, sizeof(tls13_ticket_t));
author	Daiki Ueno <dueno@redhat.com>	2018-06-01 15:04:49 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-06-05 14:10:18 +0000
commit	6e7c50781d0c3d6cf831b48038013a6c7a4bda89 (patch)
tree	2c3f587f4c0fd8751eacfddba436622b81017c1d /lib/tls13
parent	7e25c14eab5a6cb289de59044771ff2924cf72cb (diff)
download	gnutls-6e7c50781d0c3d6cf831b48038013a6c7a4bda89.tar.gz