** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
the CKA_SIGN is not set (#667).
+** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
+ disable extensions at all cases, while providing a functional session. This
+ also implies that when specified, TLS1.3 is disabled.
+
** GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous
definition was buggy and non-functional.
will prevent the sending of any TLS extensions in client side. Note
that TLS 1.2 requires extensions to be used, as well as safe
renegotiation thus this option must be used with care. When this option
-is set with TLS1.3 enabled the session behavior is undefined.
+is set no versions later than TLS1.2 can be negotiated.
@item %NO_TICKETS @tab
will prevent the advertizing of the TLS session ticket extension.
/* if we have NULL ciphersuites, SRP, or RSA-PSK enabled remove TLS1.3+
* protocol versions; they cannot be negotiated under TLS1.3. */
- if (have_null || have_srp || have_rsa_psk) {
+ if (have_null || have_srp || have_rsa_psk || priority_cache->no_extensions) {
for (i = j = 0; i < priority_cache->protocol.num_priorities; i++) {
vers = version_to_entry(priority_cache->protocol.priorities[i]);
if (!vers || !vers->tls13_sem)
}
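Review bot: The comment above the condition still names only NULL ciphersuites, SRP and RSA-PSK, so the new `priority_cache->no_extensions` term is unexplained. It could read `/* NULL ciphersuites, SRP, RSA-PSK and %NO_EXTENSIONS cannot be used with TLS1.3 (it needs extensions to negotiate); remove TLS1.3+ protocol versions. */`. Because the filter drops TLS1.3 silently, a priority string that enables only TLS1.3 together with %NO_EXTENSIONS would presumably be left with no protocol versions. How an empty list is handled is outside this hunk and worth confirming, so that the failure is an explicit error at priority-setup time. The loop body and the rest of the enclosing function are not visible here.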
static
-void start(const char *prio)
+void start(const char *prio, gnutls_protocol_t exp_version)
{
int ret;
/* Server stuff. */
}
}
+ assert(gnutls_protocol_get_version(server) == exp_version);
+
assert(gnutls_certificate_type_get(server)==GNUTLS_CRT_X509);
assert(gnutls_certificate_type_get(client)==GNUTLS_CRT_X509);
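Review bot: The added assertion checks the negotiated version only on `server`, while the certificate-type checks just below it cover both peers. Adding `assert(gnutls_protocol_get_version(client) == exp_version);` next to it would confirm the client also settled on the expected version rather than relying on the server's view alone. The body of start() begins and ends outside this hunk.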
void doit(void)
{
- start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS");
- start("NORMAL:-VERS-ALL:+VERS-TLS1.1:%NO_EXTENSIONS");
- start("NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_EXTENSIONS");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS", GNUTLS_TLS1_0);
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.1:%NO_EXTENSIONS", GNUTLS_TLS1_1);
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_EXTENSIONS", GNUTLS_TLS1_2);
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%NO_EXTENSIONS", GNUTLS_TLS1_2);
}
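Review bot: The new cases in doit() do not cover a priority string where TLS1.3 is the only enabled version together with %NO_EXTENSIONS, e.g. `NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_EXTENSIONS`. That is the input for which the version filter leaves nothing to negotiate. Since start() asserts a successful handshake, covering it would need a separate negative check that priority setup or the handshake returns an error. A short comment above the fourth call, `/* TLS1.3 is dropped when extensions are disabled; expect TLS1.2 */`, would also document why GNUTLS_TLS1_2 is the expected version there.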