author | Daiki Ueno <ueno@gnu.org> | 2021-02-03 15:50:08 +0100 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-02-04 09:25:00 +0100 |
commit | 5416fdc259d8df9b797d249f3e5d58789b2e2cf9 (patch) | |
tree | f916dde3909ce8c05f9d7c4d7925c76f64667a35 | |
parent | f237cbd939dd3c65600bbeb6933da00f7caf67bb (diff) | |
download | gnutls-5416fdc259d8df9b797d249f3e5d58789b2e2cf9.tar.gz |
gnutls_session_is_resumed: don't check session ID in TLS 1.3
In middlebox compatibility mode, TLS 1.3 client simulates the TLS 1.2
resumption handshake, so checking session ID for resumption is
pointless. This worked previously because the client always generated
new random value even in a true resumption handshake, but didn't
update the session parameters properly.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r-- | lib/state.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/state.c b/lib/state.c index 96b400812d..9f306faf70 100644 --- a/lib/state.c +++ b/lib/state.c @@ -981,9 +981,9 @@ int gnutls_session_is_resumed(gnutls_session_t session) { if (session->security_parameters.entity == GNUTLS_CLIENT) { const version_entry_st *ver = get_version(session); - if (ver && ver->tls13_sem && - session->internals.resumed) - return 1; + if (ver && ver->tls13_sem) { + return session->internals.resumed; + } if (session->security_parameters.session_id_size > 0 && session->security_parameters.session_id_size == |
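Review bot: in the `ver->tls13_sem` branch, `return session->internals.resumed;` now hands back the raw internal field where the removed code returned a literal `1`. The type of `resumed` is not visible in this hunk, so consider `return session->internals.resumed ? 1 : 0;` to keep the return value normalized for callers. A short comment in that branch would also help, stating that the session ID is not compared for TLS 1.3 because in middlebox compatibility mode the client simulates a TLS 1.2 resumption handshake; that keeps the reason next to the code rather than only in the commit message. The diffstat lists only lib/state.c, so a regression test for a TLS 1.3 client handshake that is not resumed would be worth adding alongside this change. The braces around the single `return` also differ from the unbraced style of the lines being removed.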