TLS extensions: only cache the extension IDs from exts that the server supports
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 9 Oct 2016 12:21:09 +0000 (14:21 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 9 Oct 2016 17:33:47 +0000 (19:33 +0200)
That avoids imposing any artificial limits on the number of extensions that
a server can handle.

Resolves #136

lib/gnutls_extensions.c

index 76624a21d6a3afbea124d2545cdc19d17cc408b7..38c4f9163ccccc4b1533d0a122886b084788915c 100644 (file)
@@ -174,8 +174,6 @@ _gnutls_parse_extensions(gnutls_session_t session,
                                gnutls_assert();
                                return ret;
                        }
-               } else {
-                       _gnutls_extension_list_add(session, type);
                }
 
                DECR_LENGTH_RET(next, 2, 0);
@@ -195,6 +193,11 @@ _gnutls_parse_extensions(gnutls_session_t session,
                        continue;
                }
 
+               /* only store the extension number if we support it */
+               if (session->security_parameters.entity == GNUTLS_SERVER) {
+                       _gnutls_extension_list_add(session, type);
+               }
+
                _gnutls_handshake_log
                    ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
                     session, _gnutls_extension_get_name(type), type,
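Review bot: The comment on the added block says the ID is stored only if the extension is supported, but the check that establishes that is the `continue` just above the block, so the comment should point at that rather than restate the intent, e.g. `/* unsupported types were skipped by the continue above; the server records the ID so it later sends only extensions the client actually offered */`. Since `_gnutls_extension_list_add` returns void, a peer that repeats a supported type would presumably add a duplicate entry unless that function deduplicates; worth confirming, because the commit's removal of any count limit relies on "only supported IDs" keeping the list bounded. `_gnutls_parse_extensions` begins and ends outside this hunk.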
@@ -213,8 +216,11 @@ _gnutls_parse_extensions(gnutls_session_t session,
 }
 
 /* Adds the extension we want to send in the extensions list.
- * This list is used to check whether the (later) received
+ * This list is used in client side to check whether the (later) received
  * extensions are the ones we requested.
+ *
+ * In server side, this list is used to ensure we don't send
+ * extensions that we didn't receive a corresponding value.
  */
 void _gnutls_extension_list_add(gnutls_session_t session, uint16_t type)
 {
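Review bot: The new last sentence of the comment reads awkwardly ("extensions that we didn't receive a corresponding value"); suggest ` * In server side, this list is used to ensure we don't send` / ` * extensions for which we didn't receive a corresponding value from the peer.` It would also help to state here that, as of this commit, the server only adds types it supports, which is the property that keeps the list bounded without an explicit limit. The body of `_gnutls_extension_list_add` continues outside the hunk.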