@item %NO_EXTENSIONS @tab
will prevent the sending of any TLS extensions in client side. Note
that TLS 1.2 requires extensions to be used, as well as safe
-renegotiation thus this option must be used with care.
+renegotiation thus this option must be used with care. When this option
+is set with TLS1.3 enabled the session behavior is undefined.
@item %NO_TICKETS @tab
will prevent the advertizing of the TLS session ticket extension.
ssize_t data_size = _data_size;
if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
+ session->internals.priorities->no_extensions ||
session->internals.no_ext_master_secret != 0) {
return 0;
}
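Review bot: The added `session->internals.priorities->no_extensions` test is written without `!= 0` here and with `!= 0` in the next hunk (the send side), and the same three-way condition is now duplicated in both functions. Since both sides must agree on whether extended master secret is in play, a small file-local helper that returns the combined condition would keep them from drifting apart. The new line also dereferences `priorities` unconditionally; presumably a priority is always set before the handshake reaches this code, but that is not visible here. Both functions begin outside the hunks shown.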
gnutls_buffer_st * extdata)
{
if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
+ session->internals.priorities->no_extensions != 0 ||
session->internals.no_ext_master_secret != 0) {
session->security_parameters.ext_master_secret = 0;
return 0;
sr_ext_st *priv;
gnutls_ext_priv_data_t epriv;
- if (session->internals.priorities->sr == SR_DISABLED) {
+ if (session->internals.priorities->sr == SR_DISABLED ||
+ session->internals.priorities->no_extensions) {
return 0;
}
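Review bot: The new condition tests only `priorities->no_extensions`, whereas both extended-master-secret hunks also test `session->internals.flags & GNUTLS_NO_EXTENSIONS`. Unless the init flag is folded into the priority field somewhere outside this diff, a session created with that flag would still emit renegotiation_info. If that is not intended, add `(session->internals.flags & GNUTLS_NO_EXTENSIONS) ||` to the condition. %NO_EXTENSIONS also now silently overrides the safe-renegotiation level chosen in the priority string, so the session gets no RFC 5746 protection on this path; a comment such as `/* %NO_EXTENSIONS suppresses renegotiation_info even when sr is not SR_DISABLED */` would make that visible. The function starts and ends outside the hunk.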
&server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
- gnutls_init(&server, GNUTLS_SERVER|GNUTLS_NO_EXTENSIONS);
+ gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
assert(gnutls_priority_set_direct(server, prio, NULL)>=0);
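Review bot: Dropping `GNUTLS_NO_EXTENSIONS` from `gnutls_init()` here and in the client hunk that follows leaves the init-flag path untested, although the library hunks still branch on `session->internals.flags & GNUTLS_NO_EXTENSIONS`. Keeping one run that sets the flag, alongside the runs driven by the priority string, would cover both ways of reaching those branches. The server-side `gnutls_init(&server, GNUTLS_SERVER);` also ignores its return value while the client call is checked; `assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);` would match the style of the line below it.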
if (ret < 0)
exit(1);
- ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);
+ ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
void doit(void)
{
- start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.1:%NO_EXTENSIONS");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_EXTENSIONS");
}
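Review bot: The three `start()` calls cover TLS 1.0 through 1.2, but nothing pins down what happens when %NO_EXTENSIONS is combined with TLS 1.3, which this commit's documentation change describes as undefined. TLS 1.3 cannot be negotiated without extensions such as supported_versions, so the safer contract is for the library to fail the handshake cleanly or not offer 1.3 at all under this option. Once that is decided, a fourth `start()` case with `+VERS-TLS1.3` and a defined expected outcome would guard it. Removing `%DISABLE_SAFE_RENEGOTIATION` from the priority string also means the test now depends on the safe-renegotiation hunk to suppress renegotiation_info, which deserves a short comment above the calls.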