Report

CVE-2020-24659: GnuTLS NULL deref via no_renegotiation alert mid-handshake

9ea77c21-f6ca-42b7-9530-de61486e484c

CVE-2020-24659 affects GnuTLS <= 3.6.14: a malicious TLS server can send a warning-level no_renegotiation alert after its ServerHello but before the handshake completes. On the client, _gnutls_abort_handshake() in lib/handshake.c (lines ~2563-2573) treats any GNUTLS_A_NO_RENEGOTIATION warning as fully recoverable (returns 0), so the typical 'do { gnutls_handshake(session); } while (!fatal)' loop retries the handshake.

The session's internal state was partially initialized during the first attempt (DHE/ECDHE key share buffers, pre_shared_key extension data, session ticket data, extension priv pointers). Re-entering the handshake state machine with these dangling or half-built pointers triggers a NULL pointer dereference on the client side. The bug is reachable in particular during session resumption flows (TLS 1.3 PSK / TLS 1.2 session ticket), where extensions populate state that is not torn down before the retry.

Fixed in 3.6.15 by commit 29ee67c2 ("handshake: reject no_renegotiation alert if handshake is incomplete").
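A simplified model of the alert-handling decision described above, added here as an illustration; it is not GnuTLS source code. The event types, function names and traces are constructed for the example, and the post-fix rule is an assumed reading of the report's description and the commit title.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* TLS alert values (RFC 5246): warning level = 1, no_renegotiation = 100. */
enum { ALERT_WARNING = 1, ALERT_NO_RENEGOTIATION = 100 };
/* Constructed event model for this example; these are not GnuTLS types. */
typedef enum { EV_SERVER_HELLO, EV_ALERT, EV_FINISHED } ev_kind;
typedef struct { ev_kind kind; int level; int desc; } event;
typedef bool (*policy_fn)(const event *, bool hello_seen, bool complete);

static bool is_warn_no_reneg(const event *e)
{
    return e->level == ALERT_WARNING && e->desc == ALERT_NO_RENEGOTIATION;
}

/* Behaviour the report attributes to <= 3.6.14: always recoverable. */
bool policy_before_fix(const event *e, bool hello_seen, bool complete)
{
    (void)hello_seen; (void)complete;
    return is_warn_no_reneg(e);
}

/* Assumed reading of the fix: refuse it between ServerHello and completion. */
bool policy_after_fix(const event *e, bool hello_seen, bool complete)
{
    return is_warn_no_reneg(e) && !(hello_seen && !complete);
}

/* Index of the first alert the policy refuses, or -1 if none is refused. */
int first_rejected(const event *t, size_t n, policy_fn policy)
{
    bool hello_seen = false, complete = false;
    for (size_t i = 0; i < n; i++) {
        if (t[i].kind == EV_SERVER_HELLO) hello_seen = true;
        else if (t[i].kind == EV_FINISHED) complete = true;
        else if (!policy(&t[i], hello_seen, complete)) return (int)i;
    }
    return -1;
}
/* Constructed traces: alert arriving mid-handshake vs. after completion. */
const event MID_HANDSHAKE[] = { {EV_SERVER_HELLO, 0, 0},
    {EV_ALERT, ALERT_WARNING, ALERT_NO_RENEGOTIATION}, {EV_FINISHED, 0, 0} };
const event AFTER_HANDSHAKE[] = { {EV_SERVER_HELLO, 0, 0},
    {EV_FINISHED, 0, 0}, {EV_ALERT, ALERT_WARNING, ALERT_NO_RENEGOTIATION} };

int main(void)
{
    printf("mid-handshake alert: before fix %d, after fix %d\n",
           first_rejected(MID_HANDSHAKE, 3, policy_before_fix),
           first_rejected(MID_HANDSHAKE, 3, policy_after_fix));
    return 0;
}
```

The pre-fix policy accepts the mid-handshake trace in full, while the post-fix policy stops at the alert; both accept the same alert once the handshake has finished.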