authorNikos Mavrogiannopoulos <nmav@crystal.(none)>2009-01-27 22:57:22 +0200
committerNikos Mavrogiannopoulos <nmav@crystal.(none)>2009-01-27 22:58:18 +0200
commit1a341a09c2c14fc80e9ca1c542ebfcb24a5fc44f (patch)
treee8a665a74d5740881adff1a3b44ac82a5337f745
parentcf37265a682c9f14470147ab22828173433f77df (diff)
downloadgnutls-1a341a09c2c14fc80e9ca1c542ebfcb24a5fc44f.tar.gz
gnutls_handshake, when sending a client hello during a
rehandshake, will not offer a version number larger than the current one. Reported by Tristan Hill <stan@saticed.me.uk>.
-rw-r--r--NEWS7
-rw-r--r--lib/gnutls_handshake.c11
2 files changed, 17 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 12d4d46258..0706b9dd2e 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,13 @@ See the end for copying conditions.
* Version 2.6.4 (unreleased)
+** libgnutls: result_size in gnutls_hex_encode now holds
+the size of the result. Report by John Brooks <special@dereferenced.net>.
+
+** libgnutls: gnutls_handshake when sending client hello during a
+rehandshake, will not offer a version number larger than the current.
+Reported by Tristan Hill <stan@saticed.me.uk>.
+
** libgnutls: Permit V1 Certificate Authorities properly.
Before they were mistakenly rejected even though
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index ef38a7ed72..3d50696b66 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1705,12 +1705,16 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
opaque rnd[GNUTLS_RANDOM_SIZE];
gnutls_protocol_t hver;
opaque extdata[MAX_EXT_DATA_LENGTH];
+ int rehandshake = 0;
opaque *SessionID =
session->internals.resumed_security_parameters.session_id;
uint8_t session_id_len =
session->internals.resumed_security_parameters.session_id_size;
+ if (session->security_parameters.session_id_size)
+ rehandshake = 1;
+
if (SessionID == NULL)
session_id_len = 0;
else if (session_id_len == 0)
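Review bot: The `rehandshake` flag introduced at the top of this hunk is derived from `session->security_parameters.session_id_size` being non-zero, which treats a non-empty session ID as proof that a handshake has already completed. TLS allows a server to return an empty session ID, so if that field can be zero after a completed handshake the flag presumably stays 0 and a renegotiation would again offer `_gnutls_version_max`, which is exactly what this commit sets out to prevent. I would tie the flag to the established state rather than the session ID, e.g. `if (session->security_parameters.version != 0) rehandshake = 1;` if that field is guaranteed to be zero before the first handshake, or to an explicit handshake-completed marker if the session keeps one. Whichever condition is kept deserves a comment stating the assumption, e.g. `/* a non-empty session ID means a handshake has already completed */`. `_gnutls_send_client_hello` begins before and continues past this hunk.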
@@ -1734,7 +1738,12 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
* version number to the previously established.
*/
if (SessionID == NULL)
- hver = _gnutls_version_max (session);
+ {
+ if (rehandshake) /* already negotiated version thus version_max == negotiated version */
+ hver = session->security_parameters.version;
+ else
+ hver = _gnutls_version_max (session);
+ }
else
{ /* we are resuming a session */
hver = session->internals.resumed_security_parameters.version;
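Review bot: The trailing comment on the new `if (rehandshake)` line is far too long for an end-of-line comment and states an equivalence ("version_max == negotiated version") rather than the reason, which per the commit message is that a renegotiation must not offer a version higher than the one already in use. I would move it onto its own line above the `if`, e.g. `/* renegotiating: never offer a version higher than the one already established */`. Note that this branch is reached only when `SessionID == NULL`; a resumption attempt takes the `else` path and uses the resumed session's version, which agrees with the comment at the top of the hunk. The enclosing function continues past the hunk.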