summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/algorithms/protocols.c6
-rw-r--r--lib/gnutls_int.h3
-rw-r--r--lib/supplemental.c5
3 files changed, 13 insertions, 1 deletions
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index bfefdec808..8c085b7d34 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -284,6 +284,9 @@ const version_entry_st *_gnutls_version_max(gnutls_session_t session)
if (!p->supported || p->transport != session->internals.transport)
break;
+ if (p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13))
+ break;
+
if (max == NULL || cur_prot > max->id) {
max = p;
}
@@ -491,6 +494,9 @@ _gnutls_version_is_supported(gnutls_session_t session,
#ifndef ENABLE_SSL3
if (p->obsolete != 0) return 0;
#endif
+ if (p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13))
+ return 0;
+
ret = p->supported && p->transport == session->internals.transport;
break;
}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5868c12bdc..0e037ada5e 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1307,7 +1307,8 @@ typedef struct {
/* if set, server and client random were set by the application */
bool sc_random_set;
- unsigned flags; /* the flags in gnutls_init() */
+#define INT_FLAG_NO_TLS13 (1LL<<60)
+ uint64_t flags; /* the flags in gnutls_init() and GNUTLS_INT_FLAGS */
/* a verify callback to override the verify callback from the credentials
* structure */
diff --git a/lib/supplemental.c b/lib/supplemental.c
index 65fc18697d..a0996a1285 100644
--- a/lib/supplemental.c
+++ b/lib/supplemental.c
@@ -324,6 +324,9 @@ gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_t
* If the type is already registered or handled by GnuTLS internally
* %GNUTLS_E_ALREADY_REGISTERED will be returned.
*
+ * As supplemental data are not defined under TLS 1.3, this function will
+ * disable TLS 1.3 support for the given session.
+ *
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
*
* Since: 3.5.5
@@ -359,6 +362,8 @@ gnutls_session_supplemental_register(gnutls_session_t session, const char *name,
memcpy(&session->internals.rsup[session->internals.rsup_size], &tmp_entry, sizeof(tmp_entry));
session->internals.rsup_size++;
+ session->internals.flags |= INT_FLAG_NO_TLS13;
+
return GNUTLS_E_SUCCESS;
}