author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-11-14 15:20:08 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-11-18 19:54:14 +0100 |
commit | b44430523cca648364386e758c1b7df161c2a29d (patch) | |
tree | a5347aad3142a3200528066eb7af95f6a2ce848e /lib | |
parent | 5ad1afa2c65c1ce9d0946dbb835edf93ec6d0ead (diff) | |
download | gnutls-b44430523cca648364386e758c1b7df161c2a29d.tar.gz |
gnutls_certificate_type_get*: ensure that the default type is returned
That is, ensure that unless we negotiate something other than
X509, the default certificate type is returned to applications.
Previously we wouldn't do that for TLS1.3 resumed sessions, and
we would return zero (invalid type) instead.
That addresses issues with applications checking explicitly
for X509 certificate type being present.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/session_pack.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 1869f7740b..eec594e38e 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -905,14 +905,14 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
 BUFFER_APPEND_NUM(ps, session->security_parameters.pversion->id);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.client_ctype);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.server_ctype);
+
 /* if we are under TLS 1.3 do not pack keys or params negotiated using an extension * they are not necessary */
 if (!session->security_parameters.pversion->tls13_sem) {
 BUFFER_APPEND(ps, session->security_parameters.cs->id, 2);
- BUFFER_APPEND_NUM(ps, session->security_parameters.client_ctype);
- BUFFER_APPEND_NUM(ps, session->security_parameters.server_ctype);
-
 BUFFER_APPEND_PFX1(ps, session->security_parameters.master_secret, GNUTLS_MASTER_SIZE);
 BUFFER_APPEND_PFX1(ps, session->security_parameters.client_random,
@@ -1005,19 +1005,19 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
 NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ client_ctype);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ server_ctype);
+
 if (!session->internals.resumed_security_parameters.pversion->tls13_sem) {
 BUFFER_POP(ps, cs, 2);
 session->internals.resumed_security_parameters.cs = ciphersuite_to_entry(cs);
 if (session->internals.resumed_security_parameters.cs == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- BUFFER_POP_NUM(ps,
- session->internals.resumed_security_parameters.
- client_ctype);
- BUFFER_POP_NUM(ps,
- session->internals.resumed_security_parameters.
- server_ctype);
-
 /* master secret */
 ret = _gnutls_buffer_pop_datum_prefix8(ps, &t);
 if (ret < 0) { |
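Review bot: In unpack_security_parameters the two relocated `BUFFER_POP_NUM` calls store `client_ctype` and `server_ctype` straight from the packed blob for every protocol version, and no range check on the values is visible in the hunk. Since the commit exists to stop an invalid certificate type reaching applications, the popped values should be rejected when they fall outside the known certificate types, using the same exit the function already takes for an unknown ciphersuite: `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. Moving the fields ahead of the `tls13_sem` branch in both pack_security_parameters and unpack_security_parameters also changes the packed layout for pre-1.3 sessions, so data stored by an earlier build would presumably be read with the ctype and ciphersuite fields out of position; the hunks do not show whether a format magic or version changes with it, and that should be confirmed. Both function bodies start and end outside the hunks.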