From: Nikos Mavrogiannopoulos Date: Thu, 23 Oct 2014 08:44:23 +0000 (+0200) Subject: always send the mandatory extensions (even in SSL 3.0) X-Git-Tag: gnutls_3_4_0~749 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ab891f4b064a7ebc1992b8a928085abdbf75248;p=thirdparty%2Fgnutls.git always send the mandatory extensions (even in SSL 3.0) The only way to force no extensions and usage of SCSVs is the %NO_EXTENSIONS priority string. --- diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index ce91e09395..cb00c821a9 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2054,7 +2054,7 @@ static int send_client_hello(gnutls_session_t session, int again) */ if (!session->internals.initial_negotiation_completed && session->security_parameters.entity == GNUTLS_CLIENT && - (hver->id == GNUTLS_SSL3 || + (hver->id == GNUTLS_SSL3 && session->internals.priorities.no_extensions != 0)) { ret = copy_ciphersuites(session, &extdata, @@ -2082,14 +2082,10 @@ static int send_client_hello(gnutls_session_t session, int again) /* Generate and copy TLS extensions. */ if (session->internals.priorities.no_extensions == 0) { - if (_gnutls_version_has_extensions(hver)) + if (_gnutls_version_has_extensions(hver)) { type = GNUTLS_EXT_ANY; - else { - if (session->internals. - initial_negotiation_completed != 0) - type = GNUTLS_EXT_MANDATORY; - else - type = GNUTLS_EXT_NONE; + } else { + type = GNUTLS_EXT_MANDATORY; } ret =