authorNikos Mavrogiannopoulos <nmav@gnutls.org>2019-01-10 07:56:17 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2019-01-10 07:58:12 +0100
commit8409f849969b460b49fc6904b0340d84a2689aeb (patch)
treed64dcbe8ad37b1921bd751d462e734f8d725ec3b /lib/ext/ext_master_secret.c
parentd894fed388b8d267df47a472e5d3055f8c35bbd6 (diff)
downloadgnutls-8409f849969b460b49fc6904b0340d84a2689aeb.tar.gz
The flag %NO_EXTENSIONS is disabling extension support while being functionaltmp-fix-no-extensions
That is, the %NO_EXTENSIONS option is the only documented way to disable extensions completely from a session. Clarify that message, mention that its behavior is undefined when combined with TLS1.3, and make sure that it is functional. The latter makes sure that safe renegotiation and extended master secret extensions remain disabled when this flag is given. That simplifies testing certain scenarios under TLS1.0 or TLS1.1 when no extensions must be used. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/ext/ext_master_secret.c')
-rw-r--r--lib/ext/ext_master_secret.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index bafdd7ebd0..f4843e186f 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -72,6 +72,7 @@ _gnutls_ext_master_secret_recv_params(gnutls_session_t session,
ssize_t data_size = _data_size;
if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
+ session->internals.priorities->no_extensions ||
session->internals.no_ext_master_secret != 0) {
return 0;
}
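Review bot: The added `no_extensions` test is spelled two ways in this commit: here in `_gnutls_ext_master_secret_recv_params` it is a bare truth test, while the matching line in `_gnutls_ext_master_secret_send_params` compares `!= 0`. Writing both as `session->internals.priorities->no_extensions != 0 ||` keeps the two guards textually identical, which helps because they have to stay in sync for the extension to be off in both directions. Both lines also dereference `session->internals.priorities` unconditionally; whether that pointer can still be NULL when these hooks run is not visible in the hunk, so it is worth confirming. The function body starts before and continues after this hunk.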
@@ -104,6 +105,7 @@ _gnutls_ext_master_secret_send_params(gnutls_session_t session,
gnutls_buffer_st * extdata)
{
if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
+ session->internals.priorities->no_extensions != 0 ||
session->internals.no_ext_master_secret != 0) {
session->security_parameters.ext_master_secret = 0;
return 0;
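Review bot: The guard in `_gnutls_ext_master_secret_send_params` now has three independent ways to turn off extended master secret, and nothing at the site says what the session loses when it fires. A comment above the `if` would help, for example `/* EMS (RFC 7627) is not negotiated when extensions are disabled by the init flag, by the %NO_EXTENSIONS priority, or explicitly; the master secret is then not bound to the handshake transcript. */`. The commit message presents %NO_EXTENSIONS as an aid for testing TLS1.0/TLS1.1 scenarios, and the comment could say so, so that the option is not mistaken for a production setting. The function continues past the end of this hunk.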