-rw-r--r-- | lib/gnutls_int.h | 1 | ||||
-rw-r--r-- | lib/state.c | 7 | ||||
-rw-r--r-- | lib/supplemental.c | 6 |
3 files changed, 13 insertions, 1 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 0e037ada5e..d2d417ee67 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1433,6 +1433,7 @@ inline static unsigned get_num_version(gnutls_session_t session) void _gnutls_priority_update_fips(void); void _gnutls_priority_update_non_aesni(void); +extern unsigned _gnutls_disable_tls13; #define timespec_sub_ms _gnutls_timespec_sub_ms unsigned int diff --git a/lib/state.c b/lib/state.c index 284214b87f..2c63001c2b 100644 --- a/lib/state.c +++ b/lib/state.c @@ -53,6 +53,10 @@ #include "dtls.h" #include "tls13/session_ticket.h" +/* to be used by supplemental data support to disable TLS1.3 + * when supplemental data have been globally registered */ +unsigned _gnutls_disable_tls13 = 0; + /* These should really be static, but src/tests.c calls them. Make them public functions? */ void @@ -401,6 +405,9 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) (*session)->internals.flags = flags; + if (_gnutls_disable_tls13 != 0) + (*session)->internals.flags |= INT_FLAG_NO_TLS13; + return 0; } diff --git a/lib/supplemental.c b/lib/supplemental.c index a0996a1285..84305c7086 100644 --- a/lib/supplemental.c +++ b/lib/supplemental.c @@ -282,7 +282,8 @@ _gnutls_supplemental_register(gnutls_supplemental_entry_st *entry) * registered or handled by GnuTLS internally %GNUTLS_E_ALREADY_REGISTERED * will be returned. * - * This function is not thread safe. + * This function is not thread safe. As supplemental data are not defined under + * TLS 1.3, this function will disable TLS 1.3 support globally. * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * @@ -304,6 +305,9 @@ gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_t if (ret < 0) { gnutls_free(tmp_entry.name); } + + _gnutls_disable_tls13 = 1; + return ret; } |
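Review bot: `_gnutls_disable_tls13` in the first lib/state.c hunk is a plain `unsigned` that gnutls_supplemental_register() writes and every gnutls_init() reads (second lib/state.c hunk), and no synchronization is visible in the diff. The comment above the definition should state that contract, for example `/* set by gnutls_supplemental_register() and never cleared; must be set before any thread calls gnutls_init() */`. Nothing in the hunks shown resets the flag, so if a global deinit and re-init is expected to restore TLS 1.3, that path would need to clear it; this cannot be confirmed from here.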
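Review bot: The sentence added to the gnutls_supplemental_register() doc comment in lib/supplemental.c says TLS 1.3 is disabled globally but not from when. Per the gnutls_init() hunk the flag is applied only at session creation, so sessions initialized before the call keep TLS 1.3 and the result depends on call order. I would extend the text with something like `Only sessions initialized after this call are affected; the setting applies to every user of the library in the process and is not reverted.` That makes the process-wide protocol ceiling visible to applications that load code calling this function.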
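Review bot: In the last lib/supplemental.c hunk, `_gnutls_disable_tls13 = 1;` runs even when `_gnutls_supplemental_register()` failed (`ret < 0`). A rejected registration, such as the already-registered case the doc comment mentions, would then still remove TLS 1.3 from every session created afterwards. Setting the flag only on success avoids lowering the protocol ceiling for a call that registered nothing: `if (ret < 0) gnutls_free(tmp_entry.name); else _gnutls_disable_tls13 = 1;`. The start of gnutls_supplemental_register() lies outside the hunk, so earlier return paths are not visible here.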