authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-06-19 14:42:13 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-06-21 04:39:54 +0000
commitcda9b9f4ee9758ec95d49af674fb13e9a622ad9a (patch)
treed64b609ee0c1bbe2503e9cbc6c316ed559537f59
parent78780e9c8e4811e08562f801f21e2d1c7f0cc986 (diff)
downloadgnutls-cda9b9f4ee9758ec95d49af674fb13e9a622ad9a.tar.gz
gnutls_session_supplemental_register: disable TLS1.3 when set
This allows the registered supplemental data handlers to be used, since these are not used under TLS 1.3. Resolves #479 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/algorithms/protocols.c6
-rw-r--r--lib/gnutls_int.h3
-rw-r--r--lib/supplemental.c5
3 files changed, 13 insertions, 1 deletions
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index bfefdec808..8c085b7d34 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -284,6 +284,9 @@ const version_entry_st *_gnutls_version_max(gnutls_session_t session)
if (!p->supported || p->transport != session->internals.transport)
break;
+ if (p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13))
+ break;
+
if (max == NULL || cur_prot > max->id) {
max = p;
}
@@ -491,6 +494,9 @@ _gnutls_version_is_supported(gnutls_session_t session,
#ifndef ENABLE_SSL3
if (p->obsolete != 0) return 0;
#endif
+ if (p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13))
+ return 0;
+
ret = p->supported && p->transport == session->internals.transport;
break;
}
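Review bot: The condition `p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13)` is written out twice, once in `_gnutls_version_max` (first hunk) and again in `_gnutls_version_is_supported` (second hunk); a small `static inline` helper such as `version_disabled_by_flags(session, p)` would keep the two in step if further internal flags are added later. Both enclosing functions start before their hunk, and `_gnutls_version_max` ends after it, so I cannot see whether any other code path that enumerates offered versions (the supported_versions extension builder, for instance) is gated the same way — if one exists it presumably needs the same check, or TLS 1.3 could still be advertised on the wire even though these two functions reject it. A one-line comment above the new test, `/* registered supplemental data handlers have no TLS 1.3 equivalent, see INT_FLAG_NO_TLS13 */`, would tie the check to its reason for a reader who lands here without the commit message.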
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5868c12bdc..0e037ada5e 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1307,7 +1307,8 @@ typedef struct {
/* if set, server and client random were set by the application */
bool sc_random_set;
- unsigned flags; /* the flags in gnutls_init() */
+#define INT_FLAG_NO_TLS13 (1LL<<60)
+ uint64_t flags; /* the flags in gnutls_init() and GNUTLS_INT_FLAGS */
/* a verify callback to override the verify callback from the credentials
* structure */
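Review bot: `INT_FLAG_NO_TLS13` is defined as `(1LL<<60)`, a signed long long, but it is ORed into and tested against the new `uint64_t flags` field; `(1ULL<<60)` gives the constant the field's own signedness and avoids a signed-to-unsigned conversion at every use. The widening from `unsigned` to `uint64_t` also means any existing code that copies `internals.flags` into an `unsigned` local, passes it to a function taking `unsigned`, or prints it with `%u`/`%x` would now silently drop the internal bits — worth a grep before merging, since the enclosing `typedef struct` starts before and ends after this hunk and I cannot see its users. A comment on the define would help, e.g. `/* internal-only flag; placed far above the 32-bit range of the public gnutls_init() flags so the two cannot collide */`.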
diff --git a/lib/supplemental.c b/lib/supplemental.c
index 65fc18697d..a0996a1285 100644
--- a/lib/supplemental.c
+++ b/lib/supplemental.c
@@ -324,6 +324,9 @@ gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_t
* If the type is already registered or handled by GnuTLS internally
* %GNUTLS_E_ALREADY_REGISTERED will be returned.
*
+ * As supplemental data are not defined under TLS 1.3, this function will
+ * disable TLS 1.3 support for the given session.
+ *
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
*
* Since: 3.5.5
@@ -359,6 +362,8 @@ gnutls_session_supplemental_register(gnutls_session_t session, const char *name,
memcpy(&session->internals.rsup[session->internals.rsup_size], &tmp_entry, sizeof(tmp_entry));
session->internals.rsup_size++;
+ session->internals.flags |= INT_FLAG_NO_TLS13;
+
return GNUTLS_E_SUCCESS;
}
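Review bot: The documentation added in the first hunk (which, given the "given session" wording, appears to belong to `gnutls_session_supplemental_register`) promises that TLS 1.3 is disabled for the session, but the flag is only consulted when a version is selected, so calling the function after the handshake has started presumably leaves an already negotiated TLS 1.3 in place; the comment should state the ordering requirement, e.g. `* This function must be called before the handshake starts; it has no effect on a version that has already been negotiated.` In the second hunk the flag is set only after the entry has been appended, so a failed registration does not change the session's version policy, which is the right order. Nothing here ever clears `INT_FLAG_NO_TLS13`, so if the library offers a way to remove registered handlers, TLS 1.3 would stay disabled for the session — worth confirming that is intended. `gnutls_session_supplemental_register` starts before the hunk.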