<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/dueno">Daiki Ueno</a> created an issue <a href="https://gitlab.com/gnutls/gnutls/-/issues/1074">#1074</a>:
</p>
<div></div>
<p dir="auto">The RFC suggests that ClientHello.legacy_session_id should be non-empty if TLS 1.3 client supports the middlebox compatibility mode, though GnuTLS client always sends empty session ID while <code>TLS13_APPENDIX_D4</code> is defined as 1. This is because, while the session id is generated in <code>send_client_hello</code>, it is not copied to the ClientHello:</p>
<pre class="code highlight js-syntax-highlight c" lang="c" v-pre="true"><code><span id="LC1" class="line" lang="c"><span class="cp">#ifdef TLS13_APPENDIX_D4</span></span>
<span id="LC2" class="line" lang="c"> <span class="k">if</span> <span class="p">(</span><span class="n">max_ver</span><span class="o">-></span><span class="n">tls13_sem</span> <span class="o">&&</span></span>
<span id="LC3" class="line" lang="c"> <span class="n">session</span><span class="o">-></span><span class="n">security_parameters</span><span class="p">.</span><span class="n">session_id_size</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span></span>
<span id="LC4" class="line" lang="c"></span>
<span id="LC5" class="line" lang="c"> <span class="cm">/* Under TLS1.3 we generate a random session ID to make</span></span>
<span id="LC6" class="line" lang="c"><span class="cm"> * the TLS1.3 session look like a resumed TLS1.2 session */</span></span>
<span id="LC7" class="line" lang="c"> <span class="n">ret</span> <span class="o">=</span> <span class="n">_gnutls_generate_session_id</span><span class="p">(</span><span class="n">session</span><span class="o">-></span><span class="n">security_parameters</span><span class="p">.</span></span>
<span id="LC8" class="line" lang="c"> <span class="n">session_id</span><span class="p">,</span></span>
<span id="LC9" class="line" lang="c"> <span class="o">&</span><span class="n">session</span><span class="o">-></span><span class="n">security_parameters</span><span class="p">.</span></span>
<span id="LC10" class="line" lang="c"> <span class="n">session_id_size</span><span class="p">);</span></span>
<span id="LC11" class="line" lang="c"> <span class="k">if</span> <span class="p">(</span><span class="n">ret</span> <span class="o"><</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span></span>
<span id="LC12" class="line" lang="c"> <span class="n">gnutls_assert</span><span class="p">();</span></span>
<span id="LC13" class="line" lang="c"> <span class="k">goto</span> <span class="n">cleanup</span><span class="p">;</span></span>
<span id="LC14" class="line" lang="c"> <span class="p">}</span></span>
<span id="LC15" class="line" lang="c"> <span class="p">}</span></span>
<span id="LC16" class="line" lang="c"><span class="cp">#endif</span></span>
<span id="LC17" class="line" lang="c"></span>
<span id="LC18" class="line" lang="c"> <span class="cm">/* Copy the Session ID - if any</span></span>
<span id="LC19" class="line" lang="c"><span class="cm"> */</span></span>
<span id="LC20" class="line" lang="c"> <span class="n">ret</span> <span class="o">=</span> <span class="n">_gnutls_buffer_append_data_prefix</span><span class="p">(</span><span class="o">&</span><span class="n">extdata</span><span class="p">,</span> <span class="mi">8</span><span class="p">,</span></span>
<span id="LC21" class="line" lang="c"> <span class="n">session</span><span class="o">-></span><span class="n">internals</span><span class="p">.</span><span class="n">resumed_security_parameters</span><span class="p">.</span><span class="n">session_id</span><span class="p">,</span></span>
<span id="LC22" class="line" lang="c"> <span class="n">session_id_len</span><span class="p">);</span></span>
<span id="LC23" class="line" lang="c"> <span class="k">if</span> <span class="p">(</span><span class="n">ret</span> <span class="o"><</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span></span>
<span id="LC24" class="line" lang="c"> <span class="n">gnutls_assert</span><span class="p">();</span></span>
<span id="LC25" class="line" lang="c"> <span class="k">goto</span> <span class="n">cleanup</span><span class="p">;</span></span>
<span id="LC26" class="line" lang="c"> <span class="p">}</span></span></code></pre>
<p dir="auto">We probably should set the local variable <code>session_id_len</code> and also point to <code>security_parameters.session_id</code> rather than <code>resumed_security_parameters.session_id</code>.</p>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1074">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/d21d6d0c6c78638d1f23ceb24a60fb8f/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1074"}}</script>
</p>
</div>
</body>
</html>