ret = gnutls_ext_register (GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
"SAFE_RENEGOTIATION",
- GNUTLS_EXT_TLS,
+ GNUTLS_EXT_RESUMED,
_gnutls_safe_renegotiation_recv_params,
_gnutls_safe_renegotiation_send_params);
if (ret != GNUTLS_E_SUCCESS)
if (ret == 0)
{ /* resumed! */
+ /* Parse only the safe renegotiation extension
+ * We don't want to parse any other extensions since
+ * we don't want new extension values to overwrite the
+ * resumed ones.
+ */
+
+ /* move forward to extensions */
+ DECR_LEN (len, 2);
+ suite_size = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+ DECR_LEN (len, suite_size);
+ pos += suite_size;
+
+ DECR_LEN (len, 1);
+ comp_size = data[pos++]; /* z is the number of compression methods */
+ DECR_LEN (len, comp_size);
+ pos += comp_size;
+
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_RESUMED,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
resume_copy_required_values (session);
session->internals.resumed = RESUME_TRUE;
return ret;
}
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_RESUMED,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
ret = _gnutls_parse_extensions (session, GNUTLS_EXT_TLS,
&data[pos], len);
- /* len is the rest of the parsed length */
if (ret < 0)
{
gnutls_assert ();
*/
if (_gnutls_client_check_if_resuming
(session, &data[pos], session_id_len) == 0)
- return 0;
- pos += session_id_len;
+ {
+ pos += session_id_len + 2 + 1;
+ DECR_LEN (len, 2+1);
+
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_RESUMED,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return 0;
+ }
+ pos += session_id_len;
/* Check if the given cipher suite is supported and copy
* it to the session.
*/
ret = _gnutls_parse_extensions (session, GNUTLS_EXT_ANY,
&data[pos], len);
- /* len is the rest of the parsed length */
if (ret < 0)
{
gnutls_assert ();
{
GNUTLS_EXT_ANY,
GNUTLS_EXT_APPLICATION,
- GNUTLS_EXT_TLS
+ GNUTLS_EXT_TLS,
+ GNUTLS_EXT_RESUMED, /* parse even if resuming */
} gnutls_ext_parse_type_t;
int gnutls_ext_register (int type,
int expect_resume;
};
+pid_t child;
+
struct params_res resume_tests[] = {
{"try to resume from db", 50, 0, 0, 1},
#ifdef ENABLE_SESSION_TICKET
#define MAX_BUF 1024
#define MSG "Hello TLS"
+static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
+}
+
static void
client (struct params_res *params)
{
int t;
gnutls_datum_t session_data;
+ if (debug)
+ {
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (4);
+ }
gnutls_global_init ();
gnutls_anon_allocate_client_credentials (&anoncred);
/* this must be called once in the program, it is mostly for the server.
*/
- gnutls_global_init ();
+ if (debug)
+ {
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (4);
+ }
+ gnutls_global_init ();
gnutls_anon_allocate_server_credentials (&anoncred);
success ("Launched, generating DH parameters...\n");
void
doit (void)
{
- pid_t child;
int i;
for (i = 0; resume_tests[i].desc; i++)