diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-10-22 19:33:44 +0300 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-10-23 00:07:06 +0300 |
| commit | 9553b32ffc4a0facaec4fa087ba56909bb939e8c (patch) | |
| tree | 375cdebf8237aa19a1c68b7a90e3040dfc1b8774 /lib/gnutls_handshake.h | |
| parent | 4f214970374c474692dd18032246a14b2e3686c5 (diff) | |
| download | gnutls-9553b32ffc4a0facaec4fa087ba56909bb939e8c.tar.gz | |
1. Fix for memory leaks on interrupted handshake.
2. Fixes issue where a TLS 1.2 client will wrongly calculate hashes if the server will select a different than 1.2 protocol.
3. In TLS 1.2 when a certificate request is sent, support is not complete. In that case abort the handshake. By checking
TLS 1.2 it seems that the algorithms to be used for the signature in the certificate verify message are negotiated not at
the client/server hello messages but rather selected by the server at the certificate request. This might not look as bad, but
since in this message we have to sign all previous handshake messages, it forces us to keep all the handshake messages into a
buffer until this point... I don't know who proposed this change to the TLS WG, but it seems it wasn't really thought of.
Diffstat (limited to 'lib/gnutls_handshake.h')
| -rw-r--r-- | lib/gnutls_handshake.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h index f1b1bd66cc..2f484f5a7f 100644 --- a/lib/gnutls_handshake.h +++ b/lib/gnutls_handshake.h @@ -55,6 +55,8 @@ int _gnutls_negotiate_version (gnutls_session_t session, int _gnutls_user_hello_func (gnutls_session_t session, gnutls_protocol_t adv_version); +void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session); + #define STATE session->internals.handshake_state /* This returns true if we have got there * before (and not finished due to an interrupt). |