diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ext/ext_master_secret.c | 4 | ||||
| -rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 6 | ||||
| -rw-r--r-- | lib/state.c | 4 |
3 files changed, 7 insertions, 7 deletions
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c index a438cd7b18..95e64bd0d7 100644 --- a/lib/ext/ext_master_secret.c +++ b/lib/ext/ext_master_secret.c @@ -74,7 +74,7 @@ _gnutls_ext_master_secret_recv_params(gnutls_session_t session, { ssize_t data_size = _data_size; - if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) || + if ((session->internals.flags & GNUTLS_NO_DEFAULT_EXTENSIONS) || session->internals.priorities->no_extensions || session->internals.no_ext_master_secret != 0) { return 0; @@ -106,7 +106,7 @@ static int _gnutls_ext_master_secret_send_params(gnutls_session_t session, gnutls_buffer_st * extdata) { - if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) || + if ((session->internals.flags & GNUTLS_NO_DEFAULT_EXTENSIONS) || session->internals.priorities->no_extensions != 0 || session->internals.no_ext_master_secret != 0) { session->security_parameters.ext_master_secret = 0; diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index c3ff442cb7..64098c5b36 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -438,7 +438,7 @@ typedef enum { * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0. * @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0. * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2). - * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used. + * @GNUTLS_NO_DEFAULT_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used. * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2. * @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0. * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0. @@ -499,7 +499,7 @@ typedef enum { GNUTLS_CLIENT = (1 << 1), GNUTLS_DATAGRAM = (1 << 2), GNUTLS_NONBLOCK = (1 << 3), - GNUTLS_NO_EXTENSIONS = (1 << 4), + GNUTLS_NO_DEFAULT_EXTENSIONS = (1 << 4), GNUTLS_NO_REPLAY_PROTECTION = (1 << 5), GNUTLS_NO_SIGNAL = (1 << 6), GNUTLS_ALLOW_ID_CHANGE = (1 << 7), @@ -528,7 +528,7 @@ typedef enum { # define GNUTLS_CLIENT (1<<1) # define GNUTLS_DATAGRAM (1<<2) # define GNUTLS_NONBLOCK (1<<3) -# define GNUTLS_NO_EXTENSIONS (1<<4) +# define GNUTLS_NO_DEFAULT_EXTENSIONS (1<<4) # define GNUTLS_NO_REPLAY_PROTECTION (1<<5) # define GNUTLS_NO_SIGNAL (1<<6) # define GNUTLS_ALLOW_ID_CHANGE (1<<7) diff --git a/lib/state.c b/lib/state.c index 631299846b..5d732b0f17 100644 --- a/lib/state.c +++ b/lib/state.c @@ -556,7 +556,7 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session) * * Note that since version 3.1.2 this function enables some common * TLS extensions such as session tickets and OCSP certificate status - * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS + * request in client side by default. To prevent that use the %GNUTLS_NO_DEFAULT_EXTENSIONS * flag. * * Note that it is never mandatory to use gnutls_deinit() after this @@ -718,7 +718,7 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) } /* Enable useful extensions */ - if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) { + if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_DEFAULT_EXTENSIONS)) { #ifdef ENABLE_OCSP if (!(flags & GNUTLS_NO_STATUS_REQUEST)) gnutls_ocsp_status_request_enable_client(*session, NULL, |