-rw-r--r-- | lib/auth/cert.c | 2 | ||||
-rw-r--r-- | lib/cert-session.c | 5 | ||||
-rw-r--r-- | lib/gnutls_int.h | 8 | ||||
-rw-r--r-- | lib/handshake.c | 2 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 2 | ||||
-rw-r--r-- | lib/kx.c | 8 | ||||
-rw-r--r-- | lib/state.c | 1 | ||||
-rw-r--r-- | lib/tls13/certificate_request.c | 4 |
8 files changed, 13 insertions, 19 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 7c6b631a1d..6d618a3532 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -977,7 +977,7 @@ _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data,
 /* We should reply with a certificate message,
 * even if we have no certificate to send.
 */
- session->internals.crt_requested = 1;
+ session->internals.hsk_flags |= HSK_CRT_ASKED;
 /* now we ask the user to tell which one
 * he wants to use.
diff --git a/lib/cert-session.c b/lib/cert-session.c
index 1ba55fa448..e7a529a96a 100644
--- a/lib/cert-session.c
+++ b/lib/cert-session.c
@@ -117,9 +117,10 @@ const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t
 * Returns: 0 if the peer (server) did not request client
 * authentication or 1 otherwise.
 **/
-int gnutls_certificate_client_get_request_status(gnutls_session_t session)
+unsigned
+gnutls_certificate_client_get_request_status(gnutls_session_t session)
 {
- return session->internals.crt_requested;
+ return (session->internals.hsk_flags & HSK_CRT_ASKED)?1:0;
 }
 /**
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 4a02ddbae1..68ca48dcc3 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1145,14 +1145,9 @@ typedef struct {
 #define HSK_CRT_REQ_SENT (1<<5)
 #define HSK_CRT_REQ_GOT_SIG_ALGO (1<<6)
 #define HSK_KEY_UPDATE_ASKED (1<<7) /* flag is not used during handshake */
- unsigned hsk_flags; /* TLS1.3 only */
+ unsigned hsk_flags;
 time_t last_key_update;
- unsigned crt_requested; /* 1 if client auth was requested (i.e., client cert).
- * In case of a server this holds 1 if we should wait
- * for a client certificate verify
- */
-
 gnutls_buffer_st hb_local_data;
 gnutls_buffer_st hb_remote_data;
 struct timespec hb_ping_start; /* timestamp: when first HeartBeat ping was sent */
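Review bot: On a server-side session gnutls_certificate_client_get_request_status() now always returns 0, because the server path in kx.c (_gnutls_recv_client_certificate, later in this diff) sets HSK_CRT_VRFY_EXPECTED rather than the HSK_CRT_ASKED bit this function tests, whereas the old crt_requested field it replaced was set to 1 on both sides. That agrees with the doc comment's "peer (server)" wording but is a silent behaviour change for any server code that called it, so the doc comment should say so, e.g. `* Only meaningful on a client session; a server session always returns 0.` The `(…)?1:0` form satisfies the documented 0/1 contract; `return !!(session->internals.hsk_flags & HSK_CRT_ASKED);` is the terser equivalent if the file prefers it.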
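Review bot: hsk_flags loses its `/* TLS1.3 only */` comment but gains no replacement, while the removed crt_requested comment was the only place that explained the client/server split that the replacing bits now carry (HSK_CRT_ASKED set on the client in cert.c and tls13/certificate_request.c, HSK_CRT_VRFY_EXPECTED set on the server in kx.c); suggest `unsigned hsk_flags; /* HSK_* bits, any TLS version; cleared at the start of gnutls_handshake() */` and a per-flag note of which side sets each bit. HSK_CRT_VRFY_EXPECTED is used by the kx.c hunks but defined in no hunk, and the 13 insertions in the diffstat are all accounted for by the visible added lines, so it presumably already exists among the HSK_* defines above line 1145, outside this hunk — worth confirming rather than assuming, since a missing define would only show up at build time.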
@@ -1168,6 +1163,7 @@ typedef struct {
 recv_state_t recv_state; /* state of the receive function */
+ /* if set, server and client random were set by the application */
 bool sc_random_set;
 unsigned flags; /* the flags in gnutls_init() */
diff --git a/lib/handshake.c b/lib/handshake.c
index f7c6853416..559e115528 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2394,7 +2394,7 @@ int gnutls_handshake(gnutls_session_t session)
 return gnutls_assert_val(ret);
 session->internals.used_exts = 0;
- session->internals.crt_requested = 0;
+ session->internals.hsk_flags = 0;
 session->internals.handshake_in_progress = 1;
 session->internals.vc_status = -1;
 gettime(&session->internals.handshake_start_time);
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 1838140c86..a48fa1ea53 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2432,7 +2432,7 @@ int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
 time_t gnutls_certificate_activation_time_peers(gnutls_session_t session);
 time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session);
-int gnutls_certificate_client_get_request_status(gnutls_session_t session);
+unsigned gnutls_certificate_client_get_request_status(gnutls_session_t session);
 int gnutls_certificate_verify_peers2(gnutls_session_t session, unsigned int *status);
 int gnutls_certificate_verify_peers3(gnutls_session_t session,
@@ -341,7 +341,7 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
 /* if certificate verify is not needed just exit */
- if (session->internals.crt_requested == 0)
+ if (!(session->internals.hsk_flags & HSK_CRT_ASKED))
 return 0;
@@ -387,7 +387,7 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 int ret = 0;
 mbuffer_st *bufel = NULL;
- if (session->internals.crt_requested == 0)
+ if (!(session->internals.hsk_flags & HSK_CRT_ASKED))
 return 0;
 if (session->internals.auth_struct->
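Review bot: `session->internals.hsk_flags = 0;` in gnutls_handshake(), together with dropping the same reset from handshake_internal_state_clear1() in the state.c hunk, changes the lifetime of every HSK_* bit — not only HSK_CRT_ASKED — to "from the start of one gnutls_handshake() call until the next". On a TLS 1.3 session nothing calls gnutls_handshake() again after the initial handshake, so bits set by post-handshake paths (HSK_KEY_UPDATE_ASKED is annotated in gnutls_int.h as "not used during handshake") now persist for the life of the session unless those paths clear them themselves; that appears to be the intent, since the public status API must still see HSK_CRT_ASKED after the handshake, but it deserves a comment here, e.g. `/* resets every HSK_* bit, including post-handshake ones (key update, reauth) */`. The block containing this assignment starts outside the hunk; given that handshake_in_progress is set to 1 in the same run, it is presumably the first-call path, so re-entry after GNUTLS_E_AGAIN does not re-clear — confirm that the reset is not reachable on every call.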
@@ -661,7 +661,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session)
 if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional != 0)
 ret = 0;
 else
- session->internals.crt_requested = 1;
+ session->internals.hsk_flags |= HSK_CRT_VRFY_EXPECTED;
 cleanup:
 _gnutls_buffer_clear(&buf);
@@ -715,7 +715,7 @@ _gnutls_recv_client_certificate_verify_message(gnutls_session_t session)
 return 0;
 if (session->internals.send_cert_req == 0 ||
- session->internals.crt_requested == 0) {
+ (!(session->internals.hsk_flags & HSK_CRT_VRFY_EXPECTED))) {
 return 0;
 }
diff --git a/lib/state.c b/lib/state.c
index e87d779d03..2b6184de93 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -223,7 +223,6 @@ static void handshake_internal_state_clear1(gnutls_session_t session)
 session->internals.cand_ec_group = 0;
 session->internals.cand_dh_group = 0;
- session->internals.hsk_flags = 0;
 session->internals.hrr_cs[0] = CS_INVALID_MAJOR;
 session->internals.hrr_cs[1] = CS_INVALID_MINOR;
 }
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 42ba3c4055..252762033a 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -156,7 +156,7 @@ int _gnutls13_recv_certificate_request_int(gnutls_session_t session, gnutls_buff
 goto cleanup;
 }
- session->internals.crt_requested = 1;
+ session->internals.hsk_flags |= HSK_CRT_ASKED;
 ret = _gnutls_select_client_cert(session, ctx.rdn, ctx.rdn_size, ctx.pk_algos, ctx.pk_algos_length);
@@ -165,8 +165,6 @@ int _gnutls13_recv_certificate_request_int(gnutls_session_t session, gnutls_buff
 goto cleanup;
 }
- session->internals.hsk_flags |= HSK_CRT_ASKED;
-
 ret = 0;
 cleanup:
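Review bot: In _gnutls13_recv_certificate_request_int() HSK_CRT_ASKED is now set before _gnutls_select_client_cert() runs rather than after it succeeds (the old assignment after the call is removed in the second hunk), so the bit stays set when selection fails and the function jumps to cleanup. The handshake fails in that case anyway, so the only observable effect is that gnutls_certificate_client_get_request_status() reports 1 afterwards, which is what the old crt_requested field did too; a one-line comment would keep the next reader from "fixing" it, e.g. `/* set before selection so the request is reported even when no certificate is chosen */`. Separately, in the kx.c hunk at -661 the `else` branch also sets HSK_CRT_VRFY_EXPECTED when ret holds an error other than GNUTLS_E_NO_CERTIFICATE_FOUND; presumably harmless because that error is returned from cleanup, but `else if (ret >= 0)` would make the intent explicit. Both enclosing functions begin outside their hunks.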