Re: The netsec thread
From: Robert Pluim
Subject: Re: The netsec thread
Date: Tue, 03 Sep 2019 17:37:53 +0200
>>>>> On Tue, 3 Sep 2019 06:30:25 -0700, Paul Eggert <address@hidden> said:
Paul> Robert Pluim wrote:
>> In a similar vein: TLS1.3 removed support for renegotiation, so should
>> the following in gnutls-peer-status be made conditional on TLS1.3
>> having not been negotiated?
>> /* Renegotiation Indication */
>> result = nconc2
>> (result, list2 (intern (":safe-renegotiation"),
>> gnutls_safe_renegotiation_status (state) ? Qt : Qnil));
Paul> If the Lisp code doesn't care or need it and if it's easy to suppress,
Paul> it'd make sense to do that, yes. I don't have an opinion since I don't
Paul> know GnuTLS that well.
The only code that cares is NSM, which can be fixed, and itʼs easy
enough to remove as well. The GNUTLS_TLS1_3 define was added in GnuTLS
3.6.3, so we can check for the version if you prefer.
Robert
diff --git a/src/gnutls.c b/src/gnutls.c
index 042f43e291..9336f1e382 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1519,10 +1519,13 @@ DEFUN ("gnutls-peer-status", Fgnutls_peer_status,
Sgnutls_peer_status, 1, 1, 0,
gnutls_session_etm_status (state) ? Qt : Qnil));
#endif
- /* Renegotiation Indication */
- result = nconc2
- (result, list2 (intern (":safe-renegotiation"),
- gnutls_safe_renegotiation_status (state) ? Qt : Qnil));
+ /* Renegotiation Indication. Only for TLS protocol version < 1.3. */
+#ifdef GNUTLS_TLS1_3
+ if (gnutls_protocol_get_version (state) < GNUTLS_TLS1_3)
+#endif
+ result = nconc2
+ (result, list2 (intern (":safe-renegotiation"),
+ gnutls_safe_renegotiation_status (state) ? Qt : Qnil));
return result;
}
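Review bot: the `#ifdef GNUTLS_TLS1_3` guard in the added lines only takes effect if `GNUTLS_TLS1_3` is a preprocessor macro. If the GnuTLS header declares it as an enumerator of the protocol-version type, the `#ifdef` is false on every GnuTLS release, the `if` is never compiled, and `:safe-renegotiation` is still reported for TLS 1.3 sessions with no build warning. Please confirm which it is, or test `GNUTLS_VERSION_NUMBER` against 3.6.3 as the message already offers, which does not depend on how the constant is declared. Separately, the brace-less `if` separated from its `result = nconc2 ...` statement by `#endif` is easy to break on a later edit, so braces around the statement (or a local boolean computed under the `#if`) would be safer. Since the key is now absent under TLS 1.3 rather than present with a nil value, the NSM check mentioned in the message should change in the same commit so a missing key is not read as an unsafe-renegotiation finding, and the `gnutls-peer-status` documentation should say the key is omitted for TLS 1.3.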