author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-10-09 14:21:09 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-10-09 19:33:47 +0200 |
commit | 61bd0c07bbc9eb3bc34f5dd1b53988dbebf3844b (patch) | |
tree | 19da4df4fab3050fb84f3d8c8c7b87ab7900e113 | |
parent | af9c79307392969938f04df57f8bf3765e6a1af7 (diff) | |
download | gnutls-61bd0c07bbc9eb3bc34f5dd1b53988dbebf3844b.tar.gz |
TLS extensions: only cache the extension IDs from exts that the server supports
That avoids imposing any artificial limits on the number of extensions that
a server can handle.
Resolves #136
-rw-r--r-- | lib/gnutls_extensions.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 76624a21d6..38c4f9163c 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -174,8 +174,6 @@ _gnutls_parse_extensions(gnutls_session_t session,
 gnutls_assert();
 return ret;
 }
- } else {
- _gnutls_extension_list_add(session, type);
 }

 DECR_LENGTH_RET(next, 2, 0);
@@ -195,6 +193,11 @@ _gnutls_parse_extensions(gnutls_session_t session,
 continue;
 }

+ /* only store the extension number if we support it */
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ _gnutls_extension_list_add(session, type);
+ }
+
 _gnutls_handshake_log
 ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
 session, _gnutls_extension_get_name(type), type,
@@ -213,8 +216,11 @@ _gnutls_parse_extensions(gnutls_session_t session,
 }

 /* Adds the extension we want to send in the extensions list.
- * This list is used to check whether the (later) received
+ * This list is used in client side to check whether the (later) received
 * extensions are the ones we requested.
+ *
+ * In server side, this list is used to ensure we don't send
+ * extensions that we didn't receive a corresponding value.
 */
 void _gnutls_extension_list_add(gnutls_session_t session, uint16_t type)
 {
|
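Review bot: The server-side `_gnutls_extension_list_add(session, type)` added in the second hunk runs once for every parsed extension, so a ClientHello that repeats a supported extension type would be recorded more than once unless the add function deduplicates; its body starts on the last line of the third hunk and is not visible here. If the list has a fixed capacity, as the commit message's mention of limits suggests, the bound this change aims for only holds when repeated types are skipped or rejected, for example by guarding the call with `if (_gnutls_extension_list_check(session, type) < 0)`. The function also returns void, so a full list cannot be reported to the caller, and the header comment edited in the third hunk would be a good place to state what happens in that case. The new inline comment describes the placement after the `continue` rather than the condition it sits on; something like `/* server: remember only the extensions we have a handler for */` would read more accurately. `_gnutls_parse_extensions` begins and ends outside these hunks.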