-rw-r--r-- | lib/algorithms/protocols.c | 6 | ||||
-rw-r--r-- | lib/gnutls_int.h | 3 | ||||
-rw-r--r-- | lib/supplemental.c | 5 |
3 files changed, 13 insertions, 1 deletions
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c index bfefdec808..8c085b7d34 100644 --- a/lib/algorithms/protocols.c +++ b/lib/algorithms/protocols.c @@ -284,6 +284,9 @@ const version_entry_st *_gnutls_version_max(gnutls_session_t session) if (!p->supported || p->transport != session->internals.transport) break; + if (p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13)) + break; + if (max == NULL || cur_prot > max->id) { max = p; } @@ -491,6 +494,9 @@ _gnutls_version_is_supported(gnutls_session_t session, #ifndef ENABLE_SSL3 if (p->obsolete != 0) return 0; #endif + if (p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13)) + return 0; + ret = p->supported && p->transport == session->internals.transport; break; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 5868c12bdc..0e037ada5e 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1307,7 +1307,8 @@ typedef struct { /* if set, server and client random were set by the application */ bool sc_random_set; - unsigned flags; /* the flags in gnutls_init() */ +#define INT_FLAG_NO_TLS13 (1LL<<60) + uint64_t flags; /* the flags in gnutls_init() and GNUTLS_INT_FLAGS */ /* a verify callback to override the verify callback from the credentials * structure */ diff --git a/lib/supplemental.c b/lib/supplemental.c index 65fc18697d..a0996a1285 100644 --- a/lib/supplemental.c +++ b/lib/supplemental.c @@ -324,6 +324,9 @@ gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_t * If the type is already registered or handled by GnuTLS internally * %GNUTLS_E_ALREADY_REGISTERED will be returned. * + * As supplemental data are not defined under TLS 1.3, this function will + * disable TLS 1.3 support for the given session. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.5.5 
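Review bot: The filter `p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13)` is written out twice, in `_gnutls_version_max` here and in `_gnutls_version_is_supported` in the next hunk, so every other place that enumerates or advertises protocol versions has to repeat it by hand. If any such path (none is visible in this diff) misses it, TLS 1.3 could still be offered or accepted on a session that registered supplemental data; a single helper such as `static inline bool version_is_disabled(gnutls_session_t s, const version_entry_st *p)` used by both callers would keep the rule in one place. In `_gnutls_version_max` the added `break` also means `max` can remain NULL when the flag is set and the priorities enable only TLS 1.3; callers presumably handle a NULL result already, but that is worth confirming. Both functions start and end outside their hunks.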
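Review bot: `INT_FLAG_NO_TLS13` is defined as a signed `1LL<<60` and shares one word with the public gnutls_init() flags, with nothing stating which bits belong to which set. I would write `#define INT_FLAG_NO_TLS13 (1ULL<<60)` to match the new `uint64_t flags`, and add a comment such as `/* bits 32..63 are reserved for internal INT_FLAG_* values; gnutls_init() flags use the low bits */` (this assumes the public flags stay within an unsigned int, which should be confirmed). Widening the field also means any code that copies `session->internals.flags` into an `unsigned` or formats it with `%u`/`%x` would silently drop bit 60; those users are outside this diff and should be checked. The struct continues outside the hunk.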
@@ -359,6 +362,8 @@ gnutls_session_supplemental_register(gnutls_session_t session, const char *name, memcpy(&session->internals.rsup[session->internals.rsup_size], &tmp_entry, sizeof(tmp_entry)); session->internals.rsup_size++; + session->internals.flags |= INT_FLAG_NO_TLS13; + return GNUTLS_E_SUCCESS; } |
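Review bot: `session->internals.flags |= INT_FLAG_NO_TLS13;` is applied whenever registration succeeds, with no check of the handshake state visible in this hunk. If the application registers after a ClientHello offering TLS 1.3 has been sent, or after the version has been negotiated, the flag changes what `_gnutls_version_max` and `_gnutls_version_is_supported` report without changing what is already on the wire; the documentation comment added in the previous hunk should state the ordering requirement, e.g. `* This function must be called before the handshake is initiated.`, or the function should reject late calls. The global gnutls_supplemental_register() has no session to flag, so sessions relying on globally registered types presumably keep TLS 1.3 enabled; whether that is intended cannot be told from this diff. The function body starts outside the hunk.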