* by RFC4492, probably to allow SSLv2 hellos negotiate elliptic curve
* ciphersuites */
if (session->internals.cand_ec_group == NULL &&
- _gnutls_extension_list_check(session, GNUTLS_EXTENSION_SUPPORTED_ECC) < 0) {
+ !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_ECC)) {
session->internals.cand_ec_group = _gnutls_id_to_group(DEFAULT_EC_GROUP);
}
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_extension_list_add_sr(session);
+ _gnutls_hello_ext_save_sr(session);
}
#endif
priv->safe_renegotiation_received = 1;
priv->connection_using_safe_renegotiation = 1;
- _gnutls_extension_list_add_sr(session);
+ _gnutls_hello_ext_save_sr(session);
if (set != 0)
_gnutls_ext_set_session_data(session,
return 0;
}
-void _gnutls_extension_list_add_sr(gnutls_session_t session)
-{
- _gnutls_extension_list_add(session, &ext_mod_sr, 1);
-}
-
typedef struct hello_ext_ctx_st {
gnutls_session_t session;
gnutls_ext_flags_t msg;
}
if (session->security_parameters.entity == GNUTLS_CLIENT) {
- if ((ret =
- _gnutls_extension_list_check(session, id)) < 0) {
+ if (!_gnutls_hello_ext_is_present(session, id)) {
_gnutls_debug_log("EXT[%p]: Received unexpected extension '%s/%d'\n", session,
gnutls_ext_get_name(tls_id), (int)tls_id);
- gnutls_assert();
- return ret;
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
}
}
}
if (session->security_parameters.entity == GNUTLS_SERVER) {
- ret = _gnutls_extension_list_add(session, ext, 1);
+ ret = _gnutls_hello_ext_save(session, ext->gid, 1);
if (ret == 0)
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
}
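Review bot: The server branch returns `GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION` when `_gnutls_hello_ext_save(session, ext->gid, 1)` reports a duplicate, but unlike the client branch above it logs nothing that names the offending extension. A line such as `_gnutls_debug_log("EXT[%p]: Received duplicate extension '%s/%d'\n", session, gnutls_ext_get_name(tls_id), (int)tls_id);` before the return would let a repeated-extension hello be told apart from an unsolicited one when triaging handshake failures. The enclosing function starts and ends outside this hunk, so `tls_id` being in scope at this point is inferred from its use in the client branch.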
/* ensure we don't send something twice (i.e, overriden extensions in
* client), and ensure we are sending only what we received in server. */
- ret = _gnutls_extension_list_check(session, p->gid);
+ ret = _gnutls_hello_ext_is_present(session, p->gid);
if (session->security_parameters.entity == GNUTLS_SERVER) {
- if (ret < 0) {/* not advertized */
+ if (ret == 0) /* not advertised */
return 0;
- }
} else {
- if (ret == 0) {/* already sent */
+ if (ret != 0) /* already sent */
return 0;
- }
}
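Review bot: `ret` now holds the boolean result of `_gnutls_hello_ext_is_present()` here, while the same variable is compared against `GNUTLS_E_INT_RET_0` further down the function, so one name carries both a presence flag and an error code. A dedicated local, `unsigned present = _gnutls_hello_ext_is_present(session, p->gid);`, tested as `if (!present)` on the server side and `if (present)` on the client side, keeps a later `ret < 0` style check from ever being evaluated against the flag. The declaration of `ret` and the rest of the function body lie outside this hunk.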
if ((appended > 0 || ret == GNUTLS_E_INT_RET_0) &&
session->security_parameters.entity == GNUTLS_CLIENT) {
- _gnutls_extension_list_add(session, p, 0);
+ _gnutls_hello_ext_save(session, p->gid, 0);
}
return ret;
int _gnutls_ext_register(hello_ext_entry_st *);
-void _gnutls_extension_list_add_sr(gnutls_session_t session);
-
/* Checks if the extension @id provided has been requested
- * by us (in client side). In that case it returns zero,
- * otherwise a negative error value.
+ * by us (in client side). In that case it returns non-zero,
+ * otherwise zero.
*/
-inline static int
-_gnutls_extension_list_check(gnutls_session_t session, extensions_t id)
+inline static unsigned
+_gnutls_hello_ext_is_present(gnutls_session_t session, extensions_t id)
{
if (id != 0 && ((1 << id) & session->internals.used_exts))
- return 0;
+ return 1;
- return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+ return 0;
}
/* Adds the extension we want to send in the extensions list.
* Returns zero if failed, non-zero on success.
*/
inline static
-unsigned _gnutls_extension_list_add(gnutls_session_t session,
- const struct hello_ext_entry_st *e,
- unsigned check_dup)
+unsigned _gnutls_hello_ext_save(gnutls_session_t session,
+ extensions_t id,
+ unsigned check_dup)
{
- if (check_dup && _gnutls_extension_list_check(session, e->gid) == 0) {
+ if (check_dup && _gnutls_hello_ext_is_present(session, id)) {
return 0;
}
- session->internals.used_exts |= (1 << e->gid);
+ session->internals.used_exts |= (1 << id);
return 1;
}
+inline static
+void _gnutls_hello_ext_save_sr(gnutls_session_t session)
+{
+ _gnutls_hello_ext_save(session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, 1);
+}
+
#endif
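Review bot: Both `_gnutls_hello_ext_is_present()` and `_gnutls_hello_ext_save()` build the mask with `(1 << id)`, which is an `int` shift: it is undefined once `id` reaches the width of `int` and already lands in the sign bit at 31. The type of `used_exts` and the upper bound of `extensions_t` are not visible in this hunk, so whether that is reachable today is unconfirmed, but an explicit bound is cheap insurance if the id space can grow (for example through registered extensions). Shift an unsigned one of the field's width, e.g. `((uint64_t)1 << id)` if `used_exts` is 64 bits wide, and have `_gnutls_hello_ext_save()` return 0 when `id` is not below that width. Separately, `id == 0` is never reported as present, so `check_dup` cannot catch a duplicate of an extension whose gid is 0; a comment stating that 0 is reserved would document that assumption.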
*
* To proceed, first check whether we have requested the certificate status
*/
- if (_gnutls_extension_list_check(session, GNUTLS_EXTENSION_STATUS_REQUEST) < 0) {
+ if (!_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_STATUS_REQUEST)) {
return 0;
}