author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-13 10:18:03 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-13 10:18:03 +0100 |
commit | 305103b65f5b476daa0e84539128550de552281d (patch) | |
tree | 301faa3b44128f21a054df167be26aeb69764304 /lib | |
parent | 492a7b5ff63fd1c74c4edc3521aabd99bedd39e3 (diff) | |
download | gnutls-305103b65f5b476daa0e84539128550de552281d.tar.gz |
Added priority string %NO_SESSION_HASH to prevent advertising the extended master secret extension
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ext/ext_master_secret.c | 8 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 4 | ||||
-rw-r--r-- | lib/priority_options.gperf | 1 |
4 files changed, 12 insertions, 3 deletions
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index 16cd33f60d..ed2f9b25c5 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -58,7 +58,8 @@ _gnutls_ext_master_secret_recv_params(gnutls_session_t session,
 {
 ssize_t data_size = _data_size;
- if (session->internals.try_ext_master_secret == 0) {
+ if (session->internals.try_ext_master_secret == 0 ||
+ session->internals.priorities.no_ext_master_secret != 0) {
 return 0;
 }
@@ -87,8 +88,9 @@ static int
 _gnutls_ext_master_secret_send_params(gnutls_session_t session,
 gnutls_buffer_st * extdata)
 {
- if (session->internals.try_ext_master_secret == 0) {
- return 0;
+ if (session->internals.try_ext_master_secret == 0 ||
+ session->internals.priorities.no_ext_master_secret != 0) {
+ return 0;
 }
 /* this function sends the client extension data */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 43f58d51a0..a0a8591278 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -659,6 +659,7 @@ struct gnutls_priority_st {
 /* to disable record padding */
 bool no_extensions;
+ bool no_ext_master_secret;
 bool allow_large_records;
 unsigned int max_empty_records;
 unsigned int dumbfw;
@@ -688,6 +689,7 @@ struct gnutls_priority_st {
 #define ENABLE_COMPAT(x) \
 (x)->allow_large_records = 1; \
 (x)->no_etm = 1; \
+ (x)->no_ext_master_secret = 1; \
 (x)->allow_wrong_pms = 1; \
 (x)->dumbfw = 1
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 6eebe8444d..310d010372 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -837,6 +837,10 @@ static void enable_no_extensions(gnutls_priority_t c)
 {
 c->no_extensions = 1;
 }
+static void enable_no_ext_master_secret(gnutls_priority_t c)
+{
+ c->no_ext_master_secret = 1;
+}
 static void enable_no_etm(gnutls_priority_t c)
 {
 c->no_etm = 1;
diff --git a/lib/priority_options.gperf b/lib/priority_options.gperf
index 1d529813fa..e55b29271f 100644
--- a/lib/priority_options.gperf
+++ b/lib/priority_options.gperf
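Review bot: The early `return 0` in `_gnutls_ext_master_secret_recv_params` also makes the endpoint ignore the extension when the peer sends it, which goes beyond the commit title's "prevent advertising", and nothing in the code says so. With the flag set the extension can never end up negotiated, so the master secret is presumably derived without the handshake-transcript binding the extension exists to provide. I would add a comment above the condition in both functions, e.g. `/* %NO_SESSION_HASH: neither offer nor accept the extended master secret */`. The same two-part condition is repeated in `_gnutls_ext_master_secret_send_params`; both function bodies continue outside their hunks.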
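Review bot: Adding `(x)->no_ext_master_secret = 1;` to `ENABLE_COMPAT` means every caller that enables the compatibility mode now gives up the extended master secret without asking for it, and the macro carries no comment that says so. This is a protocol-hardening feature rather than an interoperability quirk such as record size, so the trade-off deserves a line above the macro such as `/* also disables the extended master secret extension; see %NO_SESSION_HASH */`, plus a matching mention wherever the compatibility option is documented for users. In the struct hunk of the same file, the new `bool no_ext_master_secret;` sits under the existing `/* to disable record padding */` comment, which does not describe it; a short field comment of its own would help.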
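Review bot: The keyword users type is `NO_SESSION_HASH`, while the handler, the struct field and the extension source file all say `ext_master_secret`, so a search for one name will not find the other. A one-line comment above `enable_no_ext_master_secret` would tie them together, for example `/* %NO_SESSION_HASH: do not negotiate the extended master secret (session hash) extension */`. The mapping between the two names lives only in the `priority_options.gperf` hunk that follows.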
@@ -11,6 +11,7 @@ DUMBFW, enable_dumbfw
 NO_EXTENSIONS, enable_no_extensions
 NO_TICKETS, enable_no_tickets
 NO_ETM, enable_no_etm
+NO_SESSION_HASH, enable_no_ext_master_secret
 STATELESS_COMPRESSION, enable_stateless_compression
 VERIFY_ALLOW_SIGN_RSA_MD5, enable_verify_allow_rsa_md5
 VERIFY_DISABLE_CRL_CHECKS, disable_crl_checks |