]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
always send the mandatory extensions (even in SSL 3.0)
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 23 Oct 2014 08:44:23 +0000 (10:44 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 23 Oct 2014 08:44:26 +0000 (10:44 +0200)
The only way to force no extensions and usage of SCSVs is the
%NO_EXTENSIONS priority string.

lib/gnutls_handshake.c

index ce91e09395c1ed0dde5fb91ede63d432b5317a9a..cb00c821a9f469ac11bf95271d1df902a4f95e1f 100644 (file)
@@ -2054,7 +2054,7 @@ static int send_client_hello(gnutls_session_t session, int again)
                 */
                if (!session->internals.initial_negotiation_completed &&
                    session->security_parameters.entity == GNUTLS_CLIENT &&
-                   (hver->id == GNUTLS_SSL3 ||
+                   (hver->id == GNUTLS_SSL3 &&
                     session->internals.priorities.no_extensions != 0)) {
                        ret =
                            copy_ciphersuites(session, &extdata,
@@ -2082,14 +2082,10 @@ static int send_client_hello(gnutls_session_t session, int again)
                /* Generate and copy TLS extensions.
                 */
                if (session->internals.priorities.no_extensions == 0) {
-                       if (_gnutls_version_has_extensions(hver))
+                       if (_gnutls_version_has_extensions(hver)) {
                                type = GNUTLS_EXT_ANY;
-                       else {
-                               if (session->internals.
-                                   initial_negotiation_completed != 0)
-                                       type = GNUTLS_EXT_MANDATORY;
-                               else
-                                       type = GNUTLS_EXT_NONE;
+                       } else {
+                               type = GNUTLS_EXT_MANDATORY;
                        }
 
                        ret =