[SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-22-g3557668


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-22-g3557668
Date: Tue, 16 Nov 2010 14:24:31 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=3557668d5ca189e472d5fbf86bde5ec45167d44e

The branch, master has been updated
       via  3557668d5ca189e472d5fbf86bde5ec45167d44e (commit)
       via  e3452c242416ba2d5d4de4b1fd47c177bdef23ff (commit)
      from  d2f5343fb2f30a0e30644d5642d12a1e9d004345 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3557668d5ca189e472d5fbf86bde5ec45167d44e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Nov 16 15:23:46 2010 +0100

    Deprecated the key derivation method from netconf. The published
    RFC does not include this method and it is not known whether it has
    been used at all in practice. No need to support it.

commit e3452c242416ba2d5d4de4b1fd47c177bdef23ff
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Nov 16 15:17:43 2010 +0100

    Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL priority strings.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                            |    4 ++
 doc/cha-auth.texi               |    5 +-
 lib/gnutls_priority.c           |   82 ++++++++++++++++++++++++++------------
 lib/includes/gnutls/compat.h    |    5 ++
 lib/includes/gnutls/gnutls.h.in |    5 --
 5 files changed, 68 insertions(+), 33 deletions(-)

diff --git a/NEWS b/NEWS
index 65e721e..e444fc3 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ See the end for copying conditions.
 
 * Version 2.11.5 (unreleased)
 
+** libgnutls: Added Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL
+as priority strings. Those allow to set all the supported algorithms
+at once.
+
 ** p11tool: Introduced. It allows manipulating pkcs 11 tokens.
 
 ** gnutls-cli: Print channel binding only in verbose mode.
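Review bot: the added NEWS entry repeats a word ("Added Added SIGN-ALL") and should read "Added SIGN-ALL, ..."; "Those allow to set" would also read better as "These allow setting". The same push deprecates gnutls_psk_netconf_derive_key, yet NEWS gets no line for it. A deprecation entry under 2.11.5 would let users of that function notice before it is removed.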
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi
index 9551791..42fe4ec 100644
--- a/doc/cha-auth.texi
+++ b/doc/cha-auth.texi
@@ -342,9 +342,10 @@ the hint, for example in the callback function, using
 @ref{gnutls_psk_client_get_hint}.
 
 There is no standard mechanism to derive a PSK key from a password
-specified by the TLS PSK document.  However, GnuTLS provides
+specified by the TLS PSK document.  GnuTLS provides
 @ref{gnutls_psk_netconf_derive_key} which follows the algorithm
-specified in @file{draft-ietf-netconf-tls-02.txt}.
+specified in @file{draft-ietf-netconf-tls-02.txt}. This method
+is deprecated and might be removed in later versions of GnuTLS.
 
 Some helper functions such as:
 
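Review bot: the new sentence "This method is deprecated and might be removed in later versions of GnuTLS" gives the reader neither the reason nor what to do instead. The commit message has the reason (the published RFC does not include the method), and the paragraph still points only at draft-ietf-netconf-tls-02.txt. Suggest stating in the text that the derivation was dropped from the published RFC, so that readers do not treat the draft algorithm as a standard.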
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index d7c6831..5d6e494 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -552,7 +552,9 @@ gnutls_priority_set (gnutls_session_t session, 
gnutls_priority_t priority)
  * To avoid collisions in order to specify a compression algorithm in
  * this string you have to prefix it with "COMP-", protocol versions
  * with "VERS-", signature algorithms with "SIGN-" and certificate types with 
"CTYPE-". All other
- * algorithms don't need a prefix.
+ * algorithms don't need a prefix. The keywords "SIGN-ALL", "CTYPE-ALL", 
"COMP-ALL",
+ * and "VERS-TLS-ALL"  can be used to add all the support signature types, 
certificate
+ * types, compression methods and supported TLS version numbers.
  *
  * Examples:
  * "NORMAL:!AES-128-CBC" means normal ciphers except for AES-128.
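Review bot: the sentence added to the priority-string comment has a typo, "all the support signature types" should be "all the supported signature types", and there is a doubled space after "VERS-TLS-ALL". The text also does not say which leading character the keywords are meant to take. Since every other element in this comment is described with "+", "-" or "!" semantics, a short statement such as "use with +" (or a description of what "-SIGN-ALL" does) belongs here.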
@@ -560,7 +562,7 @@ gnutls_priority_set (gnutls_session_t session, 
gnutls_priority_t priority)
  * "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE" means that export ciphers are
  * enabled, TLS 1.0 is disabled, and libz compression enabled.
  *
- * "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1", 
"NORMAL",
+ * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1", 
"NORMAL",
  * "%COMPAT".
  *
  * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
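Review bot: changing the NONE-based example from "+VERS-TLS1.0" to "+VERS-TLS-ALL" leaves the comment without any example of adding one specific protocol version on top of NONE, which is the form someone pinning a version needs. Consider keeping the original line and adding the VERS-TLS-ALL variant as a second example, each with a few words on what it enables, as the two examples above it have.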
@@ -680,39 +682,67 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
            fn (&(*priority_cache)->kx, algo);
          else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0)
            {
-             if ((algo =
-                  gnutls_protocol_get_id (&broken_list[i][6])) !=
-                 GNUTLS_VERSION_UNKNOWN)
-               fn (&(*priority_cache)->protocol, algo);
-             else
-               goto error;
+             if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
+               {
+                 _set_priority (&(*priority_cache)->protocol, 
protocol_priority);
+               }
+             else 
+               {
+                 if ((algo =
+                      gnutls_protocol_get_id (&broken_list[i][6])) !=
+                     GNUTLS_VERSION_UNKNOWN)
+                    fn (&(*priority_cache)->protocol, algo);
+                  else
+                   goto error;
+                }
            }                   /* now check if the element is something like 
-ALGO */
          else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0)
            {
-             if ((algo =
-                  gnutls_compression_get_id (&broken_list[i][6])) !=
-                 GNUTLS_COMP_UNKNOWN)
-               fn (&(*priority_cache)->compression, algo);
-             else
-               goto error;
+             if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0)
+               {
+                 _set_priority (&(*priority_cache)->compression, 
comp_priority);
+               }
+             else 
+               {
+                 if ((algo =
+                      gnutls_compression_get_id (&broken_list[i][6])) !=
+                      GNUTLS_COMP_UNKNOWN)
+                    fn (&(*priority_cache)->compression, algo);
+                  else
+                    goto error;
+                }
            }                   /* now check if the element is something like 
-ALGO */
          else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0)
            {
-             if ((algo =
-                  gnutls_certificate_type_get_id (&broken_list[i][7])) !=
-                 GNUTLS_CRT_UNKNOWN)
-               fn (&(*priority_cache)->cert_type, algo);
-             else
-               goto error;
+             if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
+               {
+                 _set_priority (&(*priority_cache)->cert_type, 
cert_type_priority);
+               }
+             else 
+               {
+                 if ((algo =
+                      gnutls_certificate_type_get_id (&broken_list[i][7])) !=
+                      GNUTLS_CRT_UNKNOWN)
+                    fn (&(*priority_cache)->cert_type, algo);
+                  else
+                    goto error;
+                }
            }                   /* now check if the element is something like 
-ALGO */
          else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0)
            {
-             if ((algo =
-                  gnutls_sign_get_id (&broken_list[i][6])) !=
-                 GNUTLS_SIGN_UNKNOWN)
-               fn (&(*priority_cache)->sign_algo, algo);
-             else
-               goto error;
+             if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0)
+               {
+                 _set_priority (&(*priority_cache)->sign_algo, 
sign_priority_default);
+               }
+             else 
+               {
+                 if ((algo =
+                      gnutls_sign_get_id (&broken_list[i][6])) !=
+                      GNUTLS_SIGN_UNKNOWN)
+                   fn (&(*priority_cache)->sign_algo, algo);
+                  else
+                    goto error;
+                }
            }                   /* now check if the element is something like 
-ALGO */
          else
            goto error;
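Review bot: in each new "-ALL" branch the call goes to _set_priority directly instead of through fn, so the element's leading character is ignored for these keywords. The surrounding comment speaks of elements "like -ALGO", and if fn is what distinguishes adding from removing, then "-VERS-TLS-ALL" or "!SIGN-ALL" would load the full list rather than remove anything; either go to error when the prefix is not '+' or document the behaviour. The keyword tests are also prefix matches (strncasecmp with lengths 12, 8, 9 and 8), so an element such as "COMP-ALLX" is accepted as COMP-ALL. Comparing the whole element with strcasecmp would make trailing characters a syntax error, as they are for any other unknown name in the else branches.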
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index da2bba9..81e0b92 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -194,4 +194,9 @@ const void *gnutls_session_get_server_random 
(gnutls_session_t session) _GNUTLS_
 const void *gnutls_session_get_client_random (gnutls_session_t session) 
_GNUTLS_GCC_ATTR_DEPRECATED;
 const void *gnutls_session_get_master_secret (gnutls_session_t session) 
_GNUTLS_GCC_ATTR_DEPRECATED;
 
+int gnutls_psk_netconf_derive_key (const char *password,
+                                    const char *psk_identity,
+                                    const char *psk_identity_hint,
+                                    gnutls_datum_t * output_key) 
_GNUTLS_GCC_ATTR_DEPRECATED;
+
 #endif /* _GNUTLS_COMPAT_H */
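Review bot: the prototype added to compat.h carries _GNUTLS_GCC_ATTR_DEPRECATED but no comment, so a caller who follows the compiler warning to this header learns nothing about why the function is deprecated or what to use instead. A one-line comment above "int gnutls_psk_netconf_derive_key (const char *password," noting that the derivation comes from the netconf draft and is not in the published RFC would cover it.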
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 4efc97a..c038c1a 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1423,11 +1423,6 @@ extern "C"
                                           res,
                                           gnutls_params_function * func);
 
-  int gnutls_psk_netconf_derive_key (const char *password,
-                                    const char *psk_identity,
-                                    const char *psk_identity_hint,
-                                    gnutls_datum_t * output_key);
-
   /**
    * gnutls_x509_subject_alt_name_t:
    * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
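Review bot: removing the prototype from gnutls.h.in means code that includes only gnutls/gnutls.h still sees a declaration only if that header pulls in gnutls/compat.h, which these hunks do not show. Worth confirming before merge, since otherwise existing callers get an implicit-declaration warning or error instead of the intended deprecation warning.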


hooks/post-receive
-- 
GNU gnutls
