authorDaiki Ueno <ueno@gnu.org>2021-04-29 08:35:02 +0200
committerDaiki Ueno <ueno@gnu.org>2021-05-13 11:19:17 +0200
commit09962631f3ee37aa2638b2909ef6c428dc26a2ad (patch)
treebd047cd6c20a301752a8d18d8c6f68dc04108725
parent2d73f89a41d145321e2431c78d7d05956a819db1 (diff)
gnutls_init: add flag to omit EndOfEarlyData messages
The message is prohibited in QUIC: https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-8.3

Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r--lib/includes/gnutls/gnutls.h.in4
-rw-r--r--lib/tls13/early_data.c20
2 files changed, 16 insertions, 8 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index ef33a921c2..ca01fc9bdc 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -480,6 +480,7 @@ typedef enum {
* @GNUTLS_ENABLE_RAWPK: Allows raw public-keys to be negotiated during the handshake. Since 3.6.6.
* @GNUTLS_NO_AUTO_SEND_TICKET: Under TLS1.3 disable auto-sending of
* session tickets during the handshake.
+ * @GNUTLS_NO_END_OF_EARLY_DATA: Under TLS1.3 suppress sending EndOfEarlyData message. Since 3.7.2.
*
* Enumeration of different flags for gnutls_init() function. All the flags
* can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
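Review bot: The doc line for `@GNUTLS_NO_END_OF_EARLY_DATA` describes only the sending side, but the lib/tls13/early_data.c part of this commit also makes a server with the flag stop waiting for the message, so the flag is a property of the whole connection rather than of one endpoint; if only one peer sets it, the other's EndOfEarlyData would presumably be treated as an unexpected handshake message. Suggest `* @GNUTLS_NO_END_OF_EARLY_DATA: Under TLS1.3 suppress sending EndOfEarlyData message and do not expect it from the peer; intended for transports such as QUIC that prohibit the message, and both peers must use it. Since 3.7.2.` The description's QUIC reference would then be reachable from the API documentation as well.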
@@ -511,7 +512,8 @@ typedef enum {
GNUTLS_ENABLE_RAWPK = (1<<18),
GNUTLS_AUTO_REAUTH = (1<<19),
GNUTLS_ENABLE_EARLY_DATA = (1<<20),
- GNUTLS_NO_AUTO_SEND_TICKET = (1<<21)
+ GNUTLS_NO_AUTO_SEND_TICKET = (1<<21),
+ GNUTLS_NO_END_OF_EARLY_DATA = (1<<22)
} gnutls_init_flags_t;
/* compatibility defines (previous versions of gnutls
diff --git a/lib/tls13/early_data.c b/lib/tls13/early_data.c
index ccace901b9..3d565d54b3 100644
--- a/lib/tls13/early_data.c
+++ b/lib/tls13/early_data.c
@@ -61,6 +61,10 @@ int _gnutls13_send_end_of_early_data(gnutls_session_t session, unsigned again)
session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED))
return 0;
+ if (session->internals.flags & GNUTLS_NO_END_OF_EARLY_DATA) {
+ return 0;
+ }
+
if (again == 0) {
ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
if (ret < 0)
@@ -81,14 +85,16 @@ int _gnutls13_recv_end_of_early_data(gnutls_session_t session)
session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED))
return 0;
- ret = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_END_OF_EARLY_DATA, 0, &buf);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ if (!(session->internals.flags & GNUTLS_NO_END_OF_EARLY_DATA)) {
+ ret = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_END_OF_EARLY_DATA, 0, &buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- if (buf.length != 0) {
- gnutls_assert();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto cleanup;
+ if (buf.length != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto cleanup;
+ }
}
session->internals.hsk_flags &= ~HSK_EARLY_DATA_IN_FLIGHT;
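Review bot: When GNUTLS_NO_END_OF_EARLY_DATA is set, `buf` is never passed to `_gnutls_recv_handshake`, yet control still falls through to the function's `cleanup:` path after the flag-guarded block; that path lies outside the hunk, and the `goto cleanup` at the length check suggests it releases `buf`, which would now run on an uninitialized `gnutls_buffer_st` in the flag case. The simplest fix mirrors the early exit used on the send side in `_gnutls13_send_end_of_early_data`: `if (session->internals.flags & GNUTLS_NO_END_OF_EARLY_DATA) { session->internals.hsk_flags &= ~HSK_EARLY_DATA_IN_FLIGHT; return 0; }` placed before the receive, leaving the original receive path un-nested and the cleanup path reached only after `buf` has been filled. If the cleanup path does not touch `buf`, a one-line comment saying so at the guarded block would save the next reader the same question. The function's `ret = 0`, cleanup label and return are outside the hunk.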