tls1.3: server returns early on handshake when no cert is provided by client

Under TLS1.3 the server knows the negotiated keys early, if no client certificate is sent. In that case, the server is not only able to transmit the session ticket immediately after its finished message, but is also able to transmit data, similarly to false start. Resolves #481 Resolves #457 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-07-19 15:52:26 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-08-03 09:18:17 +0200
commit: d47111032f5b20eed70093d988741da5d0e69952 (patch)
tree: db725ee0bf90d5d500a45c681bb07445574a8b86 /lib/session_pack.c
parent: 5b9c6c93c680fdfa63b2854741d446ff50002510 (diff)
download: gnutls-d47111032f5b20eed70093d988741da5d0e69952.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 615eb6c2a5..2ed04a8eeb 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -860,7 +860,8 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
 	size_t cur_size;
 
 	if (session->security_parameters.epoch_read
-	    != session->security_parameters.epoch_write) {
+	    != session->security_parameters.epoch_write &&
+	    !(session->internals.hsk_flags & HSK_EARLY_START_USED)) {
 		gnutls_assert();
 		return GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE;
 	}
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-07-19 15:52:26 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-08-03 09:18:17 +0200
commit	d47111032f5b20eed70093d988741da5d0e69952 (patch)
tree	db725ee0bf90d5d500a45c681bb07445574a8b86 /lib/session_pack.c
parent	5b9c6c93c680fdfa63b2854741d446ff50002510 (diff)
download	gnutls-d47111032f5b20eed70093d988741da5d0e69952.tar.gz