]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
safe renegotiation: handle case where client didn't send any extension
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 31 Jul 2015 14:03:25 +0000 (16:03 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 31 Jul 2015 14:06:04 +0000 (16:06 +0200)
That was affected by the "don't try to send extensions we didn't receive".

lib/ext/safe_renegotiation.c

index 30049360ffd725f65b7f6880c1b0c704a213492c..1586589d5d5545d3106dc58252ca3c030d5f9f2a 100644 (file)
@@ -60,6 +60,10 @@ _gnutls_ext_sr_finished(gnutls_session_t session, void *vdata,
                                           &epriv);
        if (ret < 0) {
                gnutls_assert();
+               /* if a client didn't advertise safe renegotiation, we treat
+                * it as disabled. */
+               if (session->security_parameters.entity == GNUTLS_SERVER)
+                       return 0;
                return ret;
        }
        priv = epriv;