[SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-65-g0f91a64
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-65-g0f91a64 |
Date: |
Mon, 06 Dec 2010 16:21:37 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0f91a6442192bfc7289b657bea53f9e3fe467a6a
The branch, master has been updated
via 0f91a6442192bfc7289b657bea53f9e3fe467a6a (commit)
via 29902dcbbb9925cc0f4e3b4a2e8593717466fd95 (commit)
via 87e93091861c7b427104542bdfa8a2cf888c619b (commit)
from c236da00885163f387a0bc62897de7126265d59a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0f91a6442192bfc7289b657bea53f9e3fe467a6a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Dec 6 17:20:16 2010 +0100
SSL3_RECORD_VERSION priority option is now the default. That is in order to
not confuse non TLS 1.2 compliant implementations that don't like a TLS 1.2
record.
commit 29902dcbbb9925cc0f4e3b4a2e8593717466fd95
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Dec 6 17:12:44 2010 +0100
simplified escape and unescape.
commit 87e93091861c7b427104542bdfa8a2cf888c619b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Dec 5 21:18:58 2010 +0100
Added Michael.
-----------------------------------------------------------------------
Summary of changes:
THANKS | 1 +
lib/gnutls_handshake.c | 14 ++++++--------
lib/gnutls_int.h | 2 +-
lib/gnutls_priority.c | 9 ++++++++-
lib/gnutls_str.c | 22 +++++++++-------------
5 files changed, 25 insertions(+), 23 deletions(-)
diff --git a/THANKS b/THANKS
index f26f3bd..b01a1f3 100644
--- a/THANKS
+++ b/THANKS
@@ -109,6 +109,7 @@ Claudio Saavedra <address@hidden>
Vincent Torri <address@hidden>
Sjoerd Simons <address@hidden>
Micah Anderson <address@hidden>
+Michael Rommel <address@hidden>
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e88b876..e69bad4 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2076,15 +2076,13 @@ _gnutls_send_client_hello (gnutls_session_t session,
int again)
_gnutls_set_adv_version (session, hver);
_gnutls_set_current_version (session, hver);
- if (session->internals.priorities.ssl3_record_version)
- {
- /* Some old implementations do not interoperate if we send a
- * different version in the record layer.
- * It seems they prefer to read the record's version
- * as the one we actually requested.
- * The proper behaviour is to use the one in the client hello
- * handshake packet and ignore the one in the packet's record
- * header.
+ if (session->internals.priorities.no_ssl3_record_version != 0)
+ {
+ /* Advertize the SSL 3.0 record packet version in
+ * record packets during the handshake.
+ * That is to avoid confusing implementations
+ * that do not support TLS 1.2 and don't know
+ * how 3,3 version of record packets look like.
*/
_gnutls_record_set_default_version (session, 3, 0);
}
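Review bot: The new test `if (session->internals.priorities.no_ssl3_record_version != 0)` looks inverted, because it selects the SSL 3.0 record version only when the "no_" flag is set. The gnutls_priority.c hunk in this same push stores 0 for "%SSL3_RECORD_VERSION" and 1 for "%LATEST_RECORD_VERSION", so as written the documented default skips this branch and "%LATEST_RECORD_VERSION" takes it, the opposite of what the commit message and the new comment describe. Unless code outside the visible hunks compensates, the condition should read `if (session->internals.priorities.no_ssl3_record_version == 0)`. The body of _gnutls_send_client_hello starts and ends outside the hunk.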
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b97830e..3df5dfc 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -444,7 +444,7 @@ struct gnutls_priority_st
int no_padding:1;
int allow_large_records:1;
safe_renegotiation_t sr;
- int ssl3_record_version;
+ int no_ssl3_record_version:1;
int additional_verify_flags;
};
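Review bot: `int no_ssl3_record_version:1;` declares a one-bit field of plain `int`, whose signedness is implementation-defined; where it is signed it can hold only 0 and -1, so the `= 1` stored in gnutls_priority.c typically reads back as -1. The `!= 0` test in gnutls_handshake.c still works, but a later `== 1` comparison would fail silently. Declaring it as `unsigned int no_ssl3_record_version:1;` removes the trap; the neighbouring `no_padding` and `allow_large_records` fields have the same shape. struct gnutls_priority_st begins outside the hunk.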
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index b79d738..0589d99 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -542,6 +542,10 @@ gnutls_priority_set (gnutls_session_t session,
gnutls_priority_t priority)
* causes operability problems, but is required for full protection.
*
* "%SSL3_RECORD_VERSION" will use SSL3.0 record version in client hello.
+ * This is the default.
+ *
+ * "%LATEST_RECORD_VERSION" will use the latest TLS version record
+ * version in client hello.
*
* "%VERIFY_ALLOW_SIGN_RSA_MD5" will allow RSA-MD5 signatures in
* certificate chains.
@@ -767,7 +771,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
}
else if (strcasecmp (&broken_list[i][1],
"SSL3_RECORD_VERSION") == 0)
- (*priority_cache)->ssl3_record_version = 1;
+ (*priority_cache)->no_ssl3_record_version = 0;
+ else if (strcasecmp (&broken_list[i][1],
+ "LATEST_RECORD_VERSION") == 0)
+ (*priority_cache)->no_ssl3_record_version = 1;
else if (strcasecmp (&broken_list[i][1],
"VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
(*priority_cache)->additional_verify_flags |=
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index c8d2138..7a3ef51 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -346,13 +346,10 @@ int
_gnutls_buffer_escape (gnutls_buffer_st * dest,
const char *const invalid_chars)
{
- static const char *x = "0123456789ABCDEF";
int rv = -1;
char t[5];
int pos = 0;
- /*_PKCS11H_ASSERT (target!=NULL); Not required*/
-
while (pos < dest->length)
{
@@ -360,9 +357,7 @@ _gnutls_buffer_escape (gnutls_buffer_st * dest,
|| !isgraph (dest->data[pos]))
{
- t[0] = '%';
- t[1] = x[(dest->data[pos] & 0xf0) >> 4];
- t[2] = x[(dest->data[pos] & 0x0f) >> 0];
+ snprintf(t, sizeof(t), "%%%.2X", (unsigned int)dest->data[pos]);
_gnutls_buffer_delete_data (dest, pos, 1);
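Review bot: The added `snprintf` call is only correct if `dest->data[pos]` is an unsigned byte, and the element type of `data` is not visible in this hunk. If it were plain `char` on a signed-char platform, a byte of 0x80 or above would sign-extend in the `(unsigned int)` cast, `%.2X` would emit eight hex digits, and the 5-byte `t` would truncate the result to `%FFF`. Casting through unsigned char makes the line independent of that: `snprintf (t, sizeof (t), "%%%.2X", (unsigned int) (unsigned char) dest->data[pos]);`. The `isgraph (dest->data[pos])` call just above has the same requirement on its argument. The loop body continues outside the hunk.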
@@ -389,21 +384,22 @@ _gnutls_buffer_unescape (gnutls_buffer_st * dest)
int rv = -1;
int pos = 0;
- /*_PKCS11H_ASSERT (target!=NULL); Not required*/
-
while (pos < dest->length)
{
if (dest->data[pos] == '%')
{
char b[3];
- unsigned u;
- char x;
+ unsigned int u;
+ unsigned char x;
+
b[0] = dest->data[pos + 1];
b[1] = dest->data[pos + 2];
- b[2] = '\x0';
+ b[2] = 0;
+
+ sscanf (b, "%02x", &u);
+
+ x = u;
- sscanf (b, "%08x", &u);
- x = u & 0xff;
_gnutls_buffer_delete_data (dest, pos, 3);
_gnutls_buffer_insert_data (dest, pos, &x, 1);
}
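Review bot: The unescape path still trusts its input in two places that this rewrite leaves open. `b[0] = dest->data[pos + 1]` and `b[1] = dest->data[pos + 2]` are read without checking that two bytes follow the '%', so a buffer ending in "%" or "%A" is read past `dest->length`, and the following 3-byte delete covers bytes that are not there. The return value of `sscanf (b, "%02x", &u)` is also ignored, so when the two characters are not hex digits `u` is never written and `x = u` copies an indeterminate value into the buffer. Both cases should fail the call before the buffer is modified; `rv` is already initialised to -1, but the function's error exit is outside the hunk, so the sketch below leaves that step as a comment. The function starts and ends outside the hunk.

```c
      if (dest->data[pos] == '%')
        {
          char b[3];
          unsigned int u;
          unsigned char x;

          /* A '%' must be followed by two more bytes inside the buffer. */
          if (dest->length - pos < 3)
            {
              /* ... leave rv at -1 and take the function's error exit ... */
            }

          b[0] = dest->data[pos + 1];
          b[1] = dest->data[pos + 2];
          b[2] = 0;

          /* sscanf leaves u untouched when b does not start with a hex digit. */
          if (sscanf (b, "%02x", &u) != 1)
            {
              /* ... leave rv at -1 and take the function's error exit ... */
            }

          x = u;
          /* ... unchanged: delete the 3 escaped bytes, insert x ... */
```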
hooks/post-receive
--
GNU gnutls