authorlloyd <[email protected]>2012-09-12 18:27:15 +0000
committerlloyd <[email protected]>2012-09-12 18:27:15 +0000
commitde506ee6756416cd5accb819b30a394099923ff2 (patch)
tree457f9507b823480e68ad37e5337d75a2e8d97636 /src
parentd1580eb5d15a40ed74de21ad7d55a8c8824d40e3 (diff)
It seems other implementations define the secure renegotiation flag to
be part of the connection rather than part of the session. That really does make more sense, so go with it. Changes the format of serialized sessions, but we already broke that with the crypto change.
Diffstat (limited to 'src')
-rw-r--r--src/tls/tls_server.cpp4
-rw-r--r--src/tls/tls_session.cpp4
-rw-r--r--src/tls/tls_session.h11
3 files changed, 3 insertions, 16 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index a8e433514..d6677c0f9 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -385,7 +385,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
session_info.ciphersuite_code(),
session_info.compression_method(),
session_info.fragment_size(),
- secure_renegotiation_supported(),
+ state.client_hello()->secure_renegotiation(),
secure_renegotiation_data_for_server_hello(),
offer_new_session_ticket,
state.client_hello()->next_protocol_notification(),
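Review bot: The flag passed on the added line here, and again in the second hunk of this file (which appears to be the new-session path), now comes straight from the current ClientHello, so the ServerHello mirrors whatever this hello advertises. Nothing visible in either hunk compares that value with what the connection agreed on its first handshake. RFC 5746 requires the server to abort a renegotiation whose ClientHello omits `renegotiation_info` once secure renegotiation was established, so that check presumably sits elsewhere in `process_handshake_msg` or in the channel, outside these hunks. I would record the dependency at both call sites, e.g. `// mirrors this ClientHello only; a hello that contradicts the connection's earlier renegotiation state must already have been rejected`.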
@@ -481,7 +481,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
state.client_hello()),
choose_compression(m_policy, state.client_hello()->compression_methods()),
state.client_hello()->fragment_size(),
- secure_renegotiation_supported(),
+ state.client_hello()->secure_renegotiation(),
secure_renegotiation_data_for_server_hello(),
state.client_hello()->supports_session_ticket() && have_session_ticket_key,
state.client_hello()->next_protocol_notification(),
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index ed51ea580..ae57de0c2 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
@@ -24,7 +24,6 @@ Session::Session(const std::vector<byte>& session_identifier,
u16bit ciphersuite,
byte compression_method,
Connection_Side side,
- bool secure_renegotiation_supported,
size_t fragment_size,
const std::vector<X509_Certificate>& certs,
const std::vector<byte>& ticket,
@@ -38,7 +37,6 @@ Session::Session(const std::vector<byte>& session_identifier,
m_ciphersuite(ciphersuite),
m_compression_method(compression_method),
m_connection_side(side),
- m_secure_renegotiation_supported(secure_renegotiation_supported),
m_fragment_size(fragment_size),
m_peer_certs(certs),
m_sni_hostname(sni_hostname),
@@ -78,7 +76,6 @@ Session::Session(const byte ber[], size_t ber_len)
.decode_integer_type(m_compression_method)
.decode_integer_type(side_code)
.decode_integer_type(m_fragment_size)
- .decode(m_secure_renegotiation_supported)
.decode(m_master_secret, OCTET_STRING)
.decode(peer_cert_bits, OCTET_STRING)
.decode(sni_hostname_str)
@@ -119,7 +116,6 @@ secure_vector<byte> Session::DER_encode() const
.encode(static_cast<size_t>(m_compression_method))
.encode(static_cast<size_t>(m_connection_side))
.encode(static_cast<size_t>(m_fragment_size))
- .encode(m_secure_renegotiation_supported)
.encode(m_master_secret, OCTET_STRING)
.encode(peer_cert_bits, OCTET_STRING)
.encode(ASN1_String(m_sni_hostname, UTF8_STRING))
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index ac18ebb48..206a75081 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -36,7 +36,6 @@ class BOTAN_DLL Session
m_ciphersuite(0),
m_compression_method(0),
m_connection_side(static_cast<Connection_Side>(0)),
- m_secure_renegotiation_supported(false),
m_fragment_size(0)
{}
@@ -49,7 +48,6 @@ class BOTAN_DLL Session
u16bit ciphersuite,
byte compression_method,
Connection_Side side,
- bool secure_renegotiation_supported,
size_t fragment_size,
const std::vector<X509_Certificate>& peer_certs,
const std::vector<byte>& session_ticket,
@@ -162,12 +160,6 @@ class BOTAN_DLL Session
size_t fragment_size() const { return m_fragment_size; }
/**
- * Is secure renegotiation supported?
- */
- bool secure_renegotiation() const
- { return m_secure_renegotiation_supported; }
-
- /**
* Return the certificate chain of the peer (possibly empty)
*/
std::vector<X509_Certificate> peer_certs() const { return m_peer_certs; }
@@ -189,7 +181,7 @@ class BOTAN_DLL Session
const std::vector<byte>& session_ticket() const { return m_session_ticket; }
private:
- enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e300 };
+ enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e301 };
std::chrono::system_clock::time_point m_start_time;
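Review bot: The constant changed here is the only marker of the new session encoding, and nothing on the line says when it has to change. The BOOLEAN dropped from `DER_encode()` and from the BER-decoding constructor in tls_session.cpp means sessions and tickets written by older builds no longer match the field list; the comparison that rejects them is presumably in the decoder, outside the visible hunks. A comment such as `// bump on any change to the encoded field list so older stored sessions and tickets are rejected, not mis-decoded` would make the rule explicit for the next format change. The class body continues outside this hunk.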
@@ -202,7 +194,6 @@ class BOTAN_DLL Session
byte m_compression_method;
Connection_Side m_connection_side;
- bool m_secure_renegotiation_supported;
size_t m_fragment_size;
std::vector<X509_Certificate> m_peer_certs;