Don’t mention :safe-renegotiation in TLS 1.3
authorPaul Eggert <eggert@cs.ucla.edu>
Tue, 3 Sep 2019 19:16:21 +0000 (12:16 -0700)
committerRobert Pluim <rpluim@gmail.com>
Wed, 4 Sep 2019 21:46:31 +0000 (23:46 +0200)
* src/gnutls.c (Fgnutls_peer_status): Don’t put the
safe-renegotiation indication into the status in TLS 1.3, which
removed support for renegotiation.

src/gnutls.c

index 042f43e29123becfab755a3ea4aaa0ab141602e8..c74936c840f4fd2f2634348e51f8bd6a8321ef7a 100644 (file)
@@ -1487,10 +1487,10 @@ returned as the :certificate entry.  */)
                                  (gnutls_kx_get (state)))));
 
   /* Protocol name. */
+  gnutls_protocol_t proto = gnutls_protocol_get_version (state);
   result = nconc2
     (result, list2 (intern (":protocol"),
-                   build_string (gnutls_protocol_get_name
-                                 (gnutls_protocol_get_version (state)))));
+                   build_string (gnutls_protocol_get_name (proto))));
 
   /* Cipher name. */
   result = nconc2
@@ -1520,9 +1520,15 @@ returned as the :certificate entry.  */)
 #endif
 
   /* Renegotiation Indication */
-  result = nconc2
-    (result, list2 (intern (":safe-renegotiation"),
-                    gnutls_safe_renegotiation_status (state) ? Qt : Qnil));
+#ifdef GNUTLS_TLS1_3
+  bool older_proto = proto < GNUTLS_TLS1_3;
+#else
+  bool older_proto = true;
+#endif
+  if (older_proto)
+    result = nconc2
+      (result, list2 (intern (":safe-renegotiation"),
+                     gnutls_safe_renegotiation_status (state) ? Qt : Qnil));
 
   return result;
 }
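Review bot: The `#ifdef GNUTLS_TLS1_3` guard around `older_proto` tests for a preprocessor macro, but as far as I know GNUTLS_TLS1_3 is an enumerator of `gnutls_protocol_t`, not a macro. If so, the `#else` branch is always compiled, `older_proto` is always true, and `:safe-renegotiation` is still reported on TLS 1.3 connections. Comparing against the older enumerator removes the need for the guard: `if (proto <= GNUTLS_TLS1_2)`. It is also worth confirming how the other values `gnutls_protocol_get_version` can return (DTLS, unknown) order against this test, since a numeric comparison classifies them by enum value and not by whether the protocol has renegotiation. The body of Fgnutls_peer_status begins outside this hunk.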