author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-01-31 20:16:44 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-01-31 20:19:40 +0100 |
commit | b3621f99e2bd657f9c3f8fc9e781d40538dc681f (patch) | |
tree | 5ca8aa6795a8af0abb4340c59f45a5eb510c8fdb | |
parent | 051f12a3ceb40c036ed1b1af528028555e40a3f6 (diff) | |
download | gnutls-b3621f99e2bd657f9c3f8fc9e781d40538dc681f.tar.gz |
Fixes in server side of DTLS-0.9.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | lib/gnutls_db.c | 7 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 7 | ||||
-rw-r--r-- | lib/gnutls_session_pack.c | 3 |
4 files changed, 16 insertions, 3 deletions
@@ -12,6 +12,8 @@ in a template from an RFC4514 string.
 ** libgnutls-xssl: Added an experimental TLS library with an very simple API.
+** libgnutls: Fixes in server side of DTLS-0.9.
+
 ** libgnutls: DN variable 'T' was expanded to 'title'.
 ** libgnutls: Added functions to directly set the DN in a certificate
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index 135a595984..eb16d662cb 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -281,6 +281,13 @@ _gnutls_server_restore_session (gnutls_session_t session,
 gnutls_datum_t key;
 int ret;
+ if (session->internals.premaster_set != 0)
+ { /* hack for CISCO's DTLS-0.9 */
+ if (session_id_size == session->internals.resumed_security_parameters.session_id_size &&
+ memcmp(session_id, session->internals.resumed_security_parameters.session_id, session_id_size) == 0)
+ return 0;
+ }
+
 key.data = session_id;
 key.size = session_id_size;
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 47d2ed0517..383c98b180 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1246,13 +1246,16 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
 if (gnutls_protocol_get_version (session) == GNUTLS_DTLS0_9)
 { /* Old DTLS doesn't include the header in the MAC */
- if (datalen <= 12)
+ if (datalen < 12)
 {
 gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
+ return GNUTLS_E_INTERNAL_ERROR;
 }
 dataptr += 12;
 datalen -= 12;
+
+ if (datalen == 0)
+ return 0;
 }
 ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer,
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index 29425e98c8..2b73c0bbcd 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -41,6 +41,7 @@
 #include <gnutls_extensions.h>
 #include <gnutls_constate.h>
 #include <algorithms.h>
+#include <gnutls_state.h>
 static int pack_certificate_auth_info (gnutls_session_t, gnutls_buffer_st * packed_session);
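Review bot: The new early return in `_gnutls_server_restore_session` reports a successful restore on a bare session-ID match, and nothing in the added lines requires `session_id_size` to be non-zero, so an empty ID from the peer would match an empty stored ID because `memcmp` over zero bytes returns 0. Whether the caller already filters empty IDs is not visible here, and the function body continues outside the hunk; if it does not, add `session_id_size > 0 &&` to the inner condition. The comment `/* hack for CISCO's DTLS-0.9 */` should also say why the lookup is skipped, for example `/* session was preset (premaster_set), so it is accepted on a session-ID match without a DB lookup */`.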
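Review bot: The literal `12` now appears three times in the DTLS-0.9 branch of `_gnutls_handshake_hash_add_sent` (the `datalen < 12` check and both adjustments), and the new `if (datalen == 0) return 0;` has no comment saying why an empty body is skipped rather than appended to the hash buffer. A named constant for the handshake header length would keep the bound and the pointer arithmetic from drifting apart in a later edit. For the early return, a comment such as `/* header-only message: nothing left to add to the handshake hash */` would do. The function starts before and continues past the hunk.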
@@ -905,7 +906,7 @@ gnutls_session_set_premaster (gnutls_session_t session, unsigned int entity,
 return gnutls_assert_val(ret);
 session->internals.resumed_security_parameters.compression_method = comp;
- session->internals.resumed_security_parameters.cert_type = GNUTLS_CRT_UNKNOWN;
+ session->internals.resumed_security_parameters.cert_type = DEFAULT_CERT_TYPE;
 session->internals.resumed_security_parameters.version = version;
 if (master->size != GNUTLS_MASTER_SIZE) |
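Review bot: The length check `if (master->size != GNUTLS_MASTER_SIZE)` on the last context line runs only after `compression_method`, `cert_type` and `version` have been written into `resumed_security_parameters`. A call rejected for a wrong-sized master secret therefore presumably leaves those fields updated; this is inferred, because the body of `gnutls_session_set_premaster` continues outside the hunk. Moving that check ahead of the three assignments would keep a failed call from leaving partial resumption state on the session.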