* Version 2.7.5 (unreleased)
+** libgnutls: result_size in gnutls_hex_encode now holds
+the size of the result. Report by John Brooks <special@dereferenced.net>.
+
+** libgnutls: gnutls_handshake when sending client hello during a
+rehandshake, will not offer a version number larger than the current.
+Reported by Tristan Hill <stan@saticed.me.uk>.
+
** libgnutls: Permit V1 Certificate Authorities properly.
Before they were mistakenly rejected even though
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
opaque rnd[GNUTLS_RANDOM_SIZE];
gnutls_protocol_t hver;
opaque extdata[MAX_EXT_DATA_LENGTH];
+ int rehandshake = 0;
opaque *SessionID =
session->internals.resumed_security_parameters.session_id;
uint8_t session_id_len =
session->internals.resumed_security_parameters.session_id_size;
+ if (session->security_parameters.session_id_size)
+ rehandshake = 1;
+
if (SessionID == NULL)
session_id_len = 0;
else if (session_id_len == 0)
* version number to the previously established.
*/
if (SessionID == NULL)
- hver = _gnutls_version_max (session);
+ {
+ if (rehandshake) /* already negotiated version thus version_max == negotiated version */
+ hver = session->security_parameters.version;
+ else
+ hver = _gnutls_version_max (session);
+ }
else
{ /* we are resuming a session */
hver = session->internals.resumed_security_parameters.version;