-rw-r--r-- | doc/cha-gtls-app.texi | 3 | ||||
-rw-r--r-- | lib/ext/ext_master_secret.c | 2 | ||||
-rw-r--r-- | lib/ext/safe_renegotiation.c | 3 | ||||
-rw-r--r-- | tests/no-extensions.c | 8 |
4 files changed, 11 insertions, 5 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 393283e0c9..8d5d9b7cfa 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1507,7 +1507,8 @@ with %COMPAT. @item %NO_EXTENSIONS @tab will prevent the sending of any TLS extensions in client side. Note that TLS 1.2 requires extensions to be used, as well as safe -renegotiation thus this option must be used with care. +renegotiation thus this option must be used with care. When this option +is set with TLS1.3 enabled the session behavior is undefined. @item %NO_TICKETS @tab will prevent the advertizing of the TLS session ticket extension. diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c index bafdd7ebd0..f4843e186f 100644 --- a/lib/ext/ext_master_secret.c +++ b/lib/ext/ext_master_secret.c @@ -72,6 +72,7 @@ _gnutls_ext_master_secret_recv_params(gnutls_session_t session, ssize_t data_size = _data_size; if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) || + session->internals.priorities->no_extensions || session->internals.no_ext_master_secret != 0) { return 0; } @@ -104,6 +105,7 @@ _gnutls_ext_master_secret_send_params(gnutls_session_t session, gnutls_buffer_st * extdata) { if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) || + session->internals.priorities->no_extensions != 0 || session->internals.no_ext_master_secret != 0) { session->security_parameters.ext_master_secret = 0; return 0; diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c index 26d25165bc..8e8798dc5b 100644 --- a/lib/ext/safe_renegotiation.c +++ b/lib/ext/safe_renegotiation.c @@ -54,7 +54,8 @@ _gnutls_ext_sr_finished(gnutls_session_t session, void *vdata, sr_ext_st *priv; gnutls_ext_priv_data_t epriv; - if (session->internals.priorities->sr == SR_DISABLED) { + if (session->internals.priorities->sr == SR_DISABLED || + session->internals.priorities->no_extensions) { return 0; } diff --git a/tests/no-extensions.c b/tests/no-extensions.c index 76e0040dae..9ea03446ed 100644 
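Review bot: The same new condition is spelled two ways in lib/ext/ext_master_secret.c: `session->internals.priorities->no_extensions ||` in `_gnutls_ext_master_secret_recv_params` and `session->internals.priorities->no_extensions != 0 ||` in `_gnutls_ext_master_secret_send_params`; use one form, and the neighbouring `no_ext_master_secret != 0` suggests the explicit comparison. Neither site says that %NO_EXTENSIONS in a priority string now also turns off extended master secret, the RFC 7627 binding of the master secret to the handshake transcript, and the texinfo entry changed in this commit mentions only safe renegotiation. I would add a comment above both checks such as `/* %NO_EXTENSIONS (init flag or priority string) also disables extended master secret (RFC 7627) */`. Both functions start before and continue after their hunks.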
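Review bot: In `_gnutls_ext_sr_finished` the new `no_extensions` test is folded into the `SR_DISABLED` early return without a comment, so a reader cannot tell why a session configured with %NO_EXTENSIONS returns 0 here before the `sr_ext_st *priv` state is touched. Presumably this is because no renegotiation_info extension was negotiated and there is no RFC 5746 state to update. A comment such as `/* %NO_EXTENSIONS: renegotiation_info was never negotiated, nothing to record */` would make that explicit. Only this function is visible in the hunk, so it is worth checking whether the other safe-renegotiation entry points in the file need the same guard. The function body continues past the hunk.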
--- a/tests/no-extensions.c +++ b/tests/no-extensions.c @@ -130,7 +130,7 @@ void start(const char *prio) &server_cert, &server_key, GNUTLS_X509_FMT_PEM); - gnutls_init(&server, GNUTLS_SERVER|GNUTLS_NO_EXTENSIONS); + gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); assert(gnutls_priority_set_direct(server, prio, NULL)>=0); @@ -152,7 +152,7 @@ void start(const char *prio) if (ret < 0) exit(1); - ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS); + ret = gnutls_init(&client, GNUTLS_CLIENT); if (ret < 0) exit(1); @@ -203,5 +203,7 @@ void start(const char *prio) void doit(void) { - start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.1:%NO_EXTENSIONS"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_EXTENSIONS"); } |
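Review bot: After this change no run in tests/no-extensions.c passes `GNUTLS_NO_EXTENSIONS` to `gnutls_init()`, although the library still tests `session->internals.flags & GNUTLS_NO_EXTENSIONS` (visible in lib/ext/ext_master_secret.c), so the init-flag path loses its coverage here. I would keep one run that sets the flag, for example by giving `start()` a flags argument and calling it once with the flag and once with only the priority string. The three `start()` calls in `doit()` appear to check only that the handshake completes. Asserting `gnutls_session_ext_master_secret_status(client) == 0` and `gnutls_safe_renegotiation_status(client) == 0` after the handshake would confirm that both protections are actually off under %NO_EXTENSIONS. `start()` begins and ends outside the hunks shown.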