This adds support of the final RFC numbers.
Resolves #542
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Version 3.6.4 (unreleased)
+** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
+
** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
gnutls_certificate_set_retrieve_function() which could not handle the case where
no certificates were returned, or the callbacks were set to NULL (see #528).
-Subproject commit 09fb65d5e413b7b87bf26f01ec441b44a03d4ee2
+Subproject commit 2805ee1e095a78f596dc7adf778441e2edb9f15c
.tls_sig_sem = SIG_SEM_PRE_TLS12,
.false_start = 1
},
-#ifdef TLS13_FINAL_VERSION
{.name = "TLS1.3",
.id = GNUTLS_TLS1_3,
.age = 5,
.false_start = 0, /* doesn't make sense */
.tls_sig_sem = SIG_SEM_TLS13
},
-#else
- {.name = "TLS1.3",
- .id = GNUTLS_TLS1_3,
- .age = 5,
- .major = 0x7f,
- .minor = 28,
- .transport = GNUTLS_STREAM,
- .supported = 1,
- .explicit_iv = 0,
- .extensions = 1,
- .selectable_sighash = 1,
- .selectable_prf = 1,
- .tls13_sem = 1,
- .obsolete = 0,
- .only_extension = 1,
- .post_handshake_auth = 1,
- .key_shares = 1,
- .false_start = 0, /* doesn't make sense */
- .tls_sig_sem = SIG_SEM_TLS13
- },
-#endif
{.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
.id = GNUTLS_DTLS0_9,
.age = 200,
} \
}
-#define KEY_EXP_VALUE "\x42\xba\x1d\x14\x6d\x09\x4f\x64\x7a\x65\xc0\x39\xf8\xd6\x98\xa7\x71\xcd\xb5\xd1\x8d\xf7\x70\xca\x22\x2d\xad\x3f\xac\x47\xe9\x13\xfa\xd0"
-#define HELLO_VALUE "\x0a\xc9\xa4\x5b\xf8\x19\x07\x1c\x56\x61\x7f\xcf\x71\x8b\xff\x0d\xc3\x74\xd7\xf3\x12\xd8\xde\xa8\x33\xcb\x3d\xf3\xc2\x78\x51"
-#define CONTEXT_VALUE "\x7c\x89\xaf\x6f\x98\xbd\xa4\xc4\xad\x10\x54\xc2\x6d\x87\xb3\x94\x02\x62\x2f\x1f\x64\x82\x10\x30\xb6\x49\x08\x2f\x0d\x82\xc1"
-#define NULL_CONTEXT_VALUE "\xa6\xf4\x67\x86\x16\x06\xd0\x53\xcf\x19\xc7\x26\xa4\x94\xc4\x78\xea\xeb\x51\x8e\x04\x0b\x53\xaf\x9f\xde\x0b\xe8\xc3\x08\x04"
+#define KEY_EXP_VALUE "\xfb\xcb\x96\x87\x8c\x64\x8b\x60\xef\xdc\x76\xb0\x7c\x3b\xd1\x50\x1e\xb1\x3f\x39\xb2\x20\x74\x2c\xb2\x76\x12\x9f\xfc\xad\xb9\xce\x1d\x9a"
+#define HELLO_VALUE "\x61\x32\x14\x81\x9b\xa0\x43\xcd\x39\xbf\x63\x18\x7c\xb7\xf3\x02\x65\xab\x2c\xa4\xaf\xbc\x1c\x7a\x1d\xa4\xc5\x28\x8f\x45\x68"
+#define CONTEXT_VALUE "\xa7\x3c\xa7\x59\x94\x33\xb4\x97\x90\x92\x8c\xe2\x39\xda\x56\x42\x4a\xeb\xeb\xab\x73\xc4\x20\xf0\x34\x4f\xda\xf8\x17\xf5\xbd"
+#define NULL_CONTEXT_VALUE "\x66\xa1\x0a\xcb\xfa\x28\x85\x79\xa3\x30\xeb\xc5\xd5\x50\x62\xdd\xb4\x9c\xa7\x0b\x0b\xe0\x28\x03\x18\xfb\x32\x3d\x37\xf2\xe5"
static void check_prfs(gnutls_session_t session)
{
unsigned char key_material[512];
(int)msg->data[pos+2], (int)msg->data[pos+3],
(int)msg->data[pos+4], (int)msg->data[pos+5]);
-#ifdef TLS13_FINAL_VERSION
if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) {
-#else
- if (msg->data[pos] != 0x7f || msg->data[pos+1] != 28) {
-#endif
fail("fail expected TLS 1.3, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
}
pos+=2;
projects / thirdparty / gnutls.git / commitdiff
