author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-09-30 22:05:59 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-10-03 14:46:27 +0200 |
commit | 368c74fa02a77b1a4d40f385745264a3d25b4358 (patch) | |
tree | 1062b6ebc52c6db4f63f85191296b530ca187c38 /tests/resume.c | |
parent | 990ec00b5b2042e60ad331d93d64b0abd72defac (diff) | |
gnutls_priority_set: do not override version on handshake [tmp-fix-priority-set-call]
When handshake is in progress, do not override the default TLS
version in the session. This allows gnutls_priority_set to be called
in the post_client_hello function without breaking the handshake.
Resolves #580
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'tests/resume.c')
-rw-r--r-- | tests/resume.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/tests/resume.c b/tests/resume.c
index 84314b836c..0e582f603d 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -73,6 +73,7 @@ struct params_res {
 int enable_session_ticket_server;
 int enable_session_ticket_client;
 int expect_resume;
+ int call_post_client_hello;
 int client_cert;
 int first_no_ext_master;
 int second_no_ext_master;
@@ -95,6 +96,12 @@ struct params_res resume_tests[] = {
 .enable_session_ticket_server = 0,
 .enable_session_ticket_client = 0,
 .expect_resume = 1},
+ {.desc = "try to resume from db with post_client_hello",
+ .enable_db = 1,
+ .enable_session_ticket_server = 0,
+ .enable_session_ticket_client = 0,
+ .call_post_client_hello = 1,
+ .expect_resume = 1},
 {.desc = "try to resume from db using resumed session's data",
 .enable_db = 1,
 .enable_session_ticket_server = 0,
@@ -131,6 +138,12 @@ struct params_res resume_tests[] = {
 .enable_session_ticket_client = 1,
 .change_ciphersuite = 1,
 .expect_resume = 1},
+ {.desc = "try to resume from session ticket with post_client_hello",
+ .enable_db = 0,
+ .enable_session_ticket_server = 1,
+ .enable_session_ticket_client = 1,
+ .call_post_client_hello = 1,
+ .expect_resume = 1},
 #endif
 #if defined(TLS13) && !defined(USE_PSK)
 {.desc = "try to resume from session ticket (early start)",
@@ -241,6 +254,13 @@ static void tls_log_func(int level, const char *str)
 str);
 }
+static int post_client_hello_callback(gnutls_session_t session)
+{
+ /* switches the supported ciphersuites to something compatible */
+ assert(gnutls_priority_set_direct(session, gnutls_session_get_ptr(session), NULL) >= 0);
+ return 0;
+}
+
 static int hsk_hook_cb(gnutls_session_t session, unsigned int htype, unsigned post, unsigned int incoming, const gnutls_datum_t *_msg)
 {
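Review bot: In post_client_hello_callback (the `@@ -241,6 +254,13 @@` hunk) the call under test sits inside `assert()`, so a build with NDEBUG defined would compile gnutls_priority_set_direct() out entirely. The callback would then return 0 without touching the priorities, and the two new resume cases would pass without exercising the mid-handshake priority change this commit is about. Hoist the call out of the assertion and propagate the failure: `int ret = gnutls_priority_set_direct(session, gnutls_session_get_ptr(session), NULL);` followed by `if (ret < 0) return ret;`. The comment could also name its input, e.g. `/* re-apply the priority string stored in the session pointer while the handshake is in progress */`. Whether the test suite is ever built with NDEBUG is not visible on this page.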
@@ -809,6 +829,13 @@ static void server(int sds[], struct params_res *params)
 gnutls_transport_set_int(session, sd);
 gnutls_handshake_set_timeout(session, 20 * 1000);
+ if (params->call_post_client_hello) {
+ gnutls_session_set_ptr(session, PRIO_STR);
+ gnutls_handshake_set_post_client_hello_function(session,
+ post_client_hello_callback);
+ }
+
+
 do {
 ret = gnutls_handshake(session);
 } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); |
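Review bot: Nothing in this hunk records that post_client_hello_callback actually ran, so if the hook is never invoked on the resumed handshake the new cases would still pass on `expect_resume = 1` alone. A file-scope counter such as `static unsigned post_client_hello_called;`, incremented in the callback and checked after the handshake loop when `params->call_post_client_hello` is set, would tie the test to the code path from #580. The hunk also adds two consecutive blank lines before `do {`; one is enough. server() starts and continues outside the hunk, so an existing check further down cannot be ruled out.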