From: Nikos Mavrogiannopoulos
Date: Fri, 21 Aug 2015 12:35:09 +0000 (+0200)
Subject: Set the extended master secret status based on resumption data only
X-Git-Tag: gnutls_3_5_0~725
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9f845a71b5f97ca0bf8a40dbcfaf6889ce6a3c02;p=thirdparty%2Fgnutls.git
Set the extended master secret status based on resumption data only
That is, don't require a new negotiation with extensions.
---
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index 0d90347845..9610f1207b 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -38,7 +38,7 @@ static int _gnutls_ext_master_secret_send_params(gnutls_session_t session,
 extension_entry_st ext_mod_ext_master_secret = {
 .name = "EXT MASTER SECRET",
 .type = GNUTLS_EXTENSION_EXT_MASTER_SECRET,
- .parse_type = GNUTLS_EXT_MANDATORY,
+ .parse_type = GNUTLS_EXT_TLS,
 .recv_func = _gnutls_ext_master_secret_recv_params,
 .send_func = _gnutls_ext_master_secret_send_params,
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index 0196c371f5..82737d2c86 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -301,11 +301,9 @@ _gnutls_server_restore_session(gnutls_session_t session,
 return ret;
 }
- /* Do not allow the resumption of a session which switches the
- * state of ext_master_secret */
- if (session->internals.resumed_security_parameters.ext_master_secret !=
- session->security_parameters.ext_master_secret)
- return gnutls_assert_val(GNUTLS_E_INVALID_SESSION);
+ /* Force the state of ext_master_secret based on the resumed parameters */
+ if (session->internals.resumed_security_parameters.ext_master_secret != 0)
+ session->security_parameters.ext_master_secret = 1;
 return 0;
 }
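Review bot: The `.parse_type` line in the `ext_mod_ext_master_secret` initializer changes class with no comment saying why, although the choice is security-relevant. If `GNUTLS_EXT_MANDATORY` is, as its name suggests, the class that is still parsed when a session is resumed, then after this change the extension in a resuming ClientHello is no longer looked at, and the state comes from the stored session instead. A short comment at the field would keep a later reader from restoring the old value, for example `/* not GNUTLS_EXT_MANDATORY: on resumption the state is taken from the stored session */`. The initializer continues past the end of the hunk.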
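Review bot: With the mismatch check removed, `_gnutls_server_restore_session` no longer rejects a resumption whose extended-master-secret state differs from the stored session, and the new `if` only ever sets the flag to 1. RFC 7627 section 5.3 asks a server to abort when the original session used the extension and the new ClientHello omits it, and to fall back to a full handshake in the opposite case. Neither check is visible in this hunk, so it should be confirmed that another path still enforces them. If the intent is what the subject line says, a plain copy, `session->security_parameters.ext_master_secret = session->internals.resumed_security_parameters.ext_master_secret;`, would also clear a flag left set when the stored session lacks it. The function starts outside the hunk.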