
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-65-g0f91a64


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-65-g0f91a64
Date: Mon, 06 Dec 2010 16:21:37 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0f91a6442192bfc7289b657bea53f9e3fe467a6a

The branch, master has been updated
       via  0f91a6442192bfc7289b657bea53f9e3fe467a6a (commit)
       via  29902dcbbb9925cc0f4e3b4a2e8593717466fd95 (commit)
       via  87e93091861c7b427104542bdfa8a2cf888c619b (commit)
      from  c236da00885163f387a0bc62897de7126265d59a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0f91a6442192bfc7289b657bea53f9e3fe467a6a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Dec 6 17:20:16 2010 +0100

    SSL3_RECORD_VERSION priority option is now the default. That is in order to 
not confuse non TLS 1.2 compliant implementations that don't like a TLS 1.2 
record.

commit 29902dcbbb9925cc0f4e3b4a2e8593717466fd95
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Dec 6 17:12:44 2010 +0100

    simplified escape and unescape.

commit 87e93091861c7b427104542bdfa8a2cf888c619b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Dec 5 21:18:58 2010 +0100

    Added Michael.

-----------------------------------------------------------------------

Summary of changes:
 THANKS                 |    1 +
 lib/gnutls_handshake.c |   14 ++++++--------
 lib/gnutls_int.h       |    2 +-
 lib/gnutls_priority.c  |    9 ++++++++-
 lib/gnutls_str.c       |   22 +++++++++-------------
 5 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/THANKS b/THANKS
index f26f3bd..b01a1f3 100644
--- a/THANKS
+++ b/THANKS
@@ -109,6 +109,7 @@ Claudio Saavedra                <address@hidden>
 Vincent Torri                   <address@hidden>
 Sjoerd Simons                   <address@hidden>
 Micah Anderson                 <address@hidden>
+Michael Rommel                 <address@hidden>
 
 ----------------------------------------------------------------------
 Copying and distribution of this file, with or without modification,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e88b876..e69bad4 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2076,15 +2076,13 @@ _gnutls_send_client_hello (gnutls_session_t session, 
int again)
       _gnutls_set_adv_version (session, hver);
       _gnutls_set_current_version (session, hver);
 
-      if (session->internals.priorities.ssl3_record_version)
-       {
-         /* Some old implementations do not interoperate if we send a
-          * different version in the record layer.
-          * It seems they prefer to read the record's version
-          * as the one we actually requested.
-          * The proper behaviour is to use the one in the client hello 
-          * handshake packet and ignore the one in the packet's record 
-          * header.
+      if (session->internals.priorities.no_ssl3_record_version != 0)
+       {
+         /* Advertize the SSL 3.0 record packet version in
+          * record packets during the handshake.
+          * That is to avoid confusing implementations
+          * that do not support TLS 1.2 and don't know
+          * how 3,3 version of record packets look like.
           */
          _gnutls_record_set_default_version (session, 3, 0);
        }
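Review bot: The new guard `if (session->internals.priorities.no_ssl3_record_version != 0)` looks inverted, because it selects the SSL 3.0 record version exactly when the "no SSL3" flag is set. The parser hunk in lib/gnutls_priority.c stores 1 for %LATEST_RECORD_VERSION and 0 for %SSL3_RECORD_VERSION, so as written the two options appear swapped. A priority cache with the flag left at 0, presumably the default, would then not send 3,0 records, which contradicts the commit message. Unless code outside this hunk compensates, the test should read `if (session->internals.priorities.no_ssl3_record_version == 0)`. The body of _gnutls_send_client_hello starts and ends outside the hunk.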
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b97830e..3df5dfc 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -444,7 +444,7 @@ struct gnutls_priority_st
   int no_padding:1;
   int allow_large_records:1;
   safe_renegotiation_t sr;
-  int ssl3_record_version;
+  int no_ssl3_record_version:1;
   int additional_verify_flags;
 };
 
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index b79d738..0589d99 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -542,6 +542,10 @@ gnutls_priority_set (gnutls_session_t session, 
gnutls_priority_t priority)
  * causes operability problems, but is required for full protection.
  *
  * "%SSL3_RECORD_VERSION" will use SSL3.0 record version in client hello.
+ * This is the default.
+ *
+ * "%LATEST_RECORD_VERSION" will use the latest TLS version record
+ * version in client hello.
  *
  * "%VERIFY_ALLOW_SIGN_RSA_MD5" will allow RSA-MD5 signatures in
  * certificate chains.
@@ -767,7 +771,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
            }
          else if (strcasecmp (&broken_list[i][1],
                               "SSL3_RECORD_VERSION") == 0)
-           (*priority_cache)->ssl3_record_version = 1;
+           (*priority_cache)->no_ssl3_record_version = 0;
+         else if (strcasecmp (&broken_list[i][1],
+                              "LATEST_RECORD_VERSION") == 0)
+           (*priority_cache)->no_ssl3_record_version = 1;
          else if (strcasecmp (&broken_list[i][1],
                               "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
            (*priority_cache)->additional_verify_flags |=
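Review bot: `(*priority_cache)->no_ssl3_record_version = 1;` stores 1 into a field that the lib/gnutls_int.h hunk declares as `int no_ssl3_record_version:1;`. A signed one-bit bit-field can only hold 0 and -1, and whether a plain `int` bit-field is signed is implementation-defined. The `!= 0` test in the handshake hunk is unaffected, but a later `== 1` comparison would silently fail; declaring the field `unsigned int no_ssl3_record_version:1;` removes that trap. The new default also relies on the field starting at 0, which is not set in the visible lines, so a comment at the declaration such as `/* 0: send SSL 3.0 record version in client hello (default) */` would make the double negative easier to audit.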
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index c8d2138..7a3ef51 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -346,13 +346,10 @@ int
 _gnutls_buffer_escape (gnutls_buffer_st * dest,
                       const char *const invalid_chars)
 {
-  static const char *x = "0123456789ABCDEF";
   int rv = -1;
   char t[5];
   int pos = 0;
 
-       /*_PKCS11H_ASSERT (target!=NULL); Not required*/
-
   while (pos < dest->length)
     {
 
@@ -360,9 +357,7 @@ _gnutls_buffer_escape (gnutls_buffer_st * dest,
          || !isgraph (dest->data[pos]))
        {
 
-         t[0] = '%';
-         t[1] = x[(dest->data[pos] & 0xf0) >> 4];
-         t[2] = x[(dest->data[pos] & 0x0f) >> 0];
+         snprintf(t, sizeof(t), "%%%.2X", (unsigned int)dest->data[pos]);
 
          _gnutls_buffer_delete_data (dest, pos, 1);
 
@@ -389,21 +384,22 @@ _gnutls_buffer_unescape (gnutls_buffer_st * dest)
   int rv = -1;
   int pos = 0;
 
-       /*_PKCS11H_ASSERT (target!=NULL); Not required*/
-
   while (pos < dest->length)
     {
       if (dest->data[pos] == '%')
        {
          char b[3];
-         unsigned u;
-         char x;
+         unsigned int u;
+         unsigned char x;
+
          b[0] = dest->data[pos + 1];
          b[1] = dest->data[pos + 2];
-         b[2] = '\x0';
+         b[2] = 0;
+
+         sscanf (b, "%02x", &u);
+
+         x = u;
 
-         sscanf (b, "%08x", &u);
-         x = u & 0xff;
          _gnutls_buffer_delete_data (dest, pos, 3);
          _gnutls_buffer_insert_data (dest, pos, &x, 1);
        }
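Review bot: The `%` branch reads `dest->data[pos + 1]` and `dest->data[pos + 2]` without checking that two more bytes remain. A buffer ending in `%` or `%X` is therefore read past `dest->length`, and `_gnutls_buffer_delete_data (dest, pos, 3)` is asked to remove more than is left. The return value of `sscanf (b, "%02x", &u)` is also ignored, so when the two characters are not hex digits `u` is still uninitialised when it is assigned to `x`. Both problems predate this commit, but the rewrite keeps them. Before filling `b`, reject the input when `dest->length - pos < 3`, and test `if (sscanf (b, "%02x", &u) != 1)`, taking the function's error return in both cases (`rv` is already -1); the loop end and return path are outside the hunk.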


hooks/post-receive
-- 
GNU gnutls


