[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-283-g562320f
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-283-g562320f |
|
Date: |
Sat, 12 Mar 2011 10:38:17 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=562320f54d499161d41c5f7501fcafc8cd192d62
The branch, master has been updated
via 562320f54d499161d41c5f7501fcafc8cd192d62 (commit)
via 55a1235fcc59736d052250aa5118fbcd896ed244 (commit)
via 97391c4fda9e79f0a59cb7b414f019694487c05c (commit)
via 65b3d952a7259ae9e10898a14fa850e6a974882c (commit)
via 33cb62640c84205a0692708a524f88f81eec84bf (commit)
via 40056d3de3d250b4cc6c1b2868a8fe934aabc971 (commit)
from 8f97c15c8c6a6dd19b911b7e5f2bbeb81af8e59a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 562320f54d499161d41c5f7501fcafc8cd192d62
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Mar 12 11:37:58 2011 +0100
corrected ssl3 record version sending in client hello.
commit 55a1235fcc59736d052250aa5118fbcd896ed244
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Mar 12 11:22:15 2011 +0100
gnutls_transport_set_lowat() is no more.
commit 97391c4fda9e79f0a59cb7b414f019694487c05c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Mar 12 11:11:17 2011 +0100
some cleanups
commit 65b3d952a7259ae9e10898a14fa850e6a974882c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Mar 12 10:56:19 2011 +0100
gnutls_x509_trust_list_verify_crt shortens the provided certificate list
based on the existing trusted CAs.
commit 33cb62640c84205a0692708a524f88f81eec84bf
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Mar 12 09:33:27 2011 +0100
gnutls_init_dtls() was made redundant. The same for gnutls_end_connection_t
which was replaced by a flags integer..
commit 40056d3de3d250b4cc6c1b2868a8fe934aabc971
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Mar 12 09:29:34 2011 +0100
Corrected types.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 +
doc/cha-intro-tls.texi | 10 +---
lib/auth_psk.c | 2 +-
lib/auth_psk.h | 2 +-
lib/ext_session_ticket.c | 2 +-
lib/ext_srp.c | 2 +-
lib/gnutls_buffers.c | 118 ++---------------------------------
lib/gnutls_handshake.c | 2 +-
lib/gnutls_int.h | 17 +-----
lib/gnutls_priority.c | 4 +-
lib/gnutls_record.c | 61 +++----------------
lib/gnutls_sig.c | 2 +-
lib/gnutls_state.c | 52 ++++------------
lib/gnutls_x509.c | 8 +-
lib/gnutlsxx.cpp | 4 +-
lib/includes/gnutls/compat.h | 7 ++
lib/includes/gnutls/dtls.h | 4 -
lib/includes/gnutls/gnutls.h.in | 24 ++-----
lib/includes/gnutls/gnutlsxx.h | 2 +-
lib/libgnutls.map | 2 -
lib/pkcs11_int.h | 2 +-
lib/system.c | 10 ++--
lib/system.h | 12 ++--
lib/x509/common.h | 3 +
lib/x509/mpi.c | 2 +-
lib/x509/verify-high.c | 101 ++++++++++++++++++++++++++-----
lib/x509/verify.c | 4 +-
libextra/includes/gnutls/openssl.h | 2 +-
src/certtool-common.h | 2 +-
src/certtool.c | 8 +-
src/cli.c | 2 +-
src/common.c | 2 +-
src/pkcs11.c | 2 +-
src/serv.c | 2 +-
src/udp-serv.c | 4 +-
35 files changed, 178 insertions(+), 307 deletions(-)
diff --git a/NEWS b/NEWS
index 94f31db..a7333f4 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ See the end for copying conditions.
* Version 2.99.0 (unreleased)
+** libgnutls: gnutls_transport_set_lowat() is no more.
+
** libgnutls-openssl: modified to use modern gnutls' functions.
This introduces an ABI incompatibility with previous versions.
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 192799f..c3fa6de 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -66,7 +66,6 @@ required callbacks to access the transport layer.
@item @ref{gnutls_transport_set_push_function}
@item @ref{gnutls_transport_set_pull_function}
@item @ref{gnutls_transport_set_ptr}
address@hidden @ref{gnutls_transport_set_lowat}
@item @ref{gnutls_transport_set_errno}
@end itemize
@@ -89,15 +88,8 @@ again), if any of these error codes is returned. The error
codes
above refer to the system call, not the @acronym{GnuTLS} function,
since signals do not interrupt @acronym{GnuTLS}' functions.
-For non blocking sockets or other custom made pull/push functions
-the @ref{gnutls_transport_set_lowat} must be called, with a zero
-low water mark value.
-
By default, if the transport functions are not set, @acronym{GnuTLS}
-will use the Berkeley Sockets functions. In this case
address@hidden will use some hacks in order for @code{select} to
-work, thus making it easy to add @acronym{TLS} support to existing
-TCP/IP servers.
+will use the Berkeley Sockets functions.
@node The TLS record protocol
@section The TLS Record Protocol
diff --git a/lib/auth_psk.c b/lib/auth_psk.c
index 17d9403..e3d07d6 100644
--- a/lib/auth_psk.c
+++ b/lib/auth_psk.c
@@ -130,7 +130,7 @@ error:
* Free is non zero if they have to be freed.
*/
int _gnutls_find_psk_key( gnutls_session_t session,
gnutls_psk_client_credentials_t cred,
- gnutls_datum_t * username, gnutls_datum* key, int* free)
+ gnutls_datum_t * username, gnutls_datum_t* key, int* free)
{
char* user_p;
int ret;
diff --git a/lib/auth_psk.h b/lib/auth_psk.h
index 40e88f1..87d6a32 100644
--- a/lib/auth_psk.h
+++ b/lib/auth_psk.h
@@ -71,7 +71,7 @@ int
_gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t* key,
gnutls_datum_t * psk2);
int _gnutls_find_psk_key( gnutls_session_t session,
gnutls_psk_client_credentials_t cred,
- gnutls_datum_t * username, gnutls_datum* key, int* free);
+ gnutls_datum_t * username, gnutls_datum_t* key, int* free);
#else
#define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR
diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index 74fe174..d74be83 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -440,7 +440,7 @@ session_ticket_unpack (gnutls_buffer_st * ps,
extension_priv_data_t * _priv)
session_ticket_ext_st *priv = NULL;
int ret;
extension_priv_data_t epriv;
- gnutls_datum ticket;
+ gnutls_datum_t ticket;
priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index e97d997..ec07fd0 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -224,7 +224,7 @@ _gnutls_srp_unpack (gnutls_buffer_st * ps,
extension_priv_data_t * _priv)
srp_ext_st *priv;
int ret;
extension_priv_data_t epriv;
- gnutls_datum username = { NULL, 0 }, password =
+ gnutls_datum_t username = { NULL, 0 }, password =
{
NULL, 0};
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 5d7612d..c66f112 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -377,45 +377,6 @@ _gnutls_writev (gnutls_session_t session, const giovec_t *
giovec,
return i;
}
-#define RCVLOWAT session->internals.lowat
-
-/* This function is only used with berkeley style sockets.
- * Clears the peeked data (read with MSG_PEEK).
- */
-int
-_gnutls_io_clear_peeked_data (gnutls_session_t session)
-{
- mbuffer_st *peekdata;
- int ret, sum;
-
- if (session->internals.have_peeked_data == 0 || RCVLOWAT == 0)
- return 0;
-
- /* this was already read by using MSG_PEEK - so it shouldn't fail */
- sum = 0;
- do
- { /* we need this to finish now */
- ret =
- _gnutls_read (session, &peekdata, RCVLOWAT - sum,
- session->internals.pull_func);
- if (ret > 0)
- sum += ret;
- _mbuffer_xfree (&peekdata);
- }
- while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN
- || sum < RCVLOWAT);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- session->internals.have_peeked_data = 0;
-
- return 0;
-}
-
/* This function is like recv(with MSG_PEEK). But it does not return -1 on
error.
* It does return gnutls_errno instead.
* This function reads data from the socket and keeps them in a buffer, of up
to
@@ -429,10 +390,10 @@ ssize_t
_gnutls_io_read_buffered (gnutls_session_t session, size_t total,
content_type_t recv_type)
{
- ssize_t ret = 0, ret2 = 0;
+ ssize_t ret = 0;
size_t min;
mbuffer_st *bufel = NULL;
- size_t recvlowat, recvdata, readsize;
+ size_t recvdata, readsize;
if (total > MAX_RECV_SIZE(session) || total == 0)
{
@@ -440,28 +401,6 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t
total,
return GNUTLS_E_INVALID_REQUEST;
}
- /* If an external pull function is used, then do not leave
- * any data into the kernel buffer.
- */
- if (session->internals.pull_func != system_read)
- {
- recvlowat = 0;
- }
- else
- {
- /* leave peeked data to the kernel space only if application data
- * is received and we don't have any peeked
- * data in gnutls session.
- */
- if (recv_type != GNUTLS_APPLICATION_DATA
- && session->internals.have_peeked_data == 0)
- recvlowat = 0;
- else
- recvlowat = RCVLOWAT;
- }
-
-
-
/* calculate the actual size, ie. get the minimum of the
* buffered data and the requested data.
*/
@@ -481,7 +420,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t
total,
* receive in order to return the requested data.
*/
recvdata = total - min;
- readsize = recvdata - recvlowat;
+ readsize = recvdata;
/* Check if the previously read data plus the new data to
* receive are longer than the maximum receive buffer size.
@@ -531,51 +470,10 @@ _gnutls_io_read_buffered (gnutls_session_t session,
size_t total,
else
_mbuffer_xfree (&bufel);
-
- /* This is hack in order for select to work. Just leave recvlowat data,
- * into the kernel buffer (using a read with MSG_PEEK), thus making
- * select think, that the socket is ready for reading.
- * MSG_PEEK is only used with berkeley style sockets.
- */
- if (ret == readsize && recvlowat > 0 && !_gnutls_is_dtls(session) &&
- session->internals.pull_func == system_read)
- {
- ret2 = _gnutls_read (session, &bufel, recvlowat, system_read_peek);
-
- if (ret2 < 0 && gnutls_error_is_fatal (ret2) == 0)
- {
- _mbuffer_xfree (&bufel);
- return ret2;
- }
-
- if (ret2 > 0)
- {
- _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n",
- (int) ret2);
- _gnutls_read_log
- ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB:
Requested %d bytes\n",
- (int) session->internals.record_recv_buffer.byte_length,
- (int) ret2, (int) total);
- session->internals.have_peeked_data = 1;
- _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
- }
- else
- _mbuffer_xfree (&bufel);
- }
-
- if (ret < 0 || ret2 < 0)
- {
- gnutls_assert ();
- /* that's because they are initialized to 0 */
- return MIN (ret, ret2);
- }
-
- ret += ret2;
-
- if (ret > 0 && ret < recvlowat)
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_AGAIN;
+ return ret;
}
if (ret == 0)
@@ -592,8 +490,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t
total,
if ((ret > 0) && ((size_t) ret < total))
{
/* Short Read */
- gnutls_assert ();
- return GNUTLS_E_AGAIN;
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
}
else
{
@@ -694,8 +591,7 @@ _gnutls_io_write_flush (gnutls_session_t session)
if (sent < tosend)
{
- gnutls_assert ();
- return GNUTLS_E_AGAIN;
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
}
return sent;
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 6527ceb..a95b207 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1958,7 +1958,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int
again)
_gnutls_set_adv_version (session, hver);
_gnutls_set_current_version (session, hver);
- if (session->internals.priorities.no_ssl3_record_version != 0)
+ if (session->internals.priorities.ssl3_record_version != 0)
{
/* Advertize the SSL 3.0 record packet version in
* record packets during the handshake.
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 74f6e5f..aa8e44f 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -127,9 +127,6 @@ typedef struct
} gnutls_ext_parse_type_t;
-/* the default for TCP */
-#define DEFAULT_LOWAT 0
-
/* expire time for resuming sessions */
#define DEFAULT_EXPIRE_TIME 3600
@@ -441,7 +438,7 @@ typedef struct
*/
typedef struct
{
- gnutls_connection_end_t entity;
+ int entity; /* GNUTLS_SERVER or GNUTLS_CLIENT */
gnutls_kx_algorithm_t kx_algorithm;
handshake_mac_type_t handshake_mac_handle_type; /* one of
HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */
@@ -552,7 +549,7 @@ struct gnutls_priority_st
int no_padding:1;
int allow_large_records:1;
safe_renegotiation_t sr;
- int no_ssl3_record_version:1;
+ int ssl3_record_version:1;
int additional_verify_flags;
};
@@ -584,8 +581,6 @@ typedef struct
opaque cookie[DTLS_MAX_COOKIE_SIZE];
uint8_t cookie_len;
- gnutls_dtls_flags_t flags;
-
/* For DTLS handshake fragmentation and reassembly. */
uint16_t hsk_write_seq;
int hsk_read_seq;
@@ -662,9 +657,6 @@ typedef struct
security_parameters_st resumed_security_parameters;
gnutls_compression_method_t resumed_compression_method;
- /* sockets internals */
- int lowat;
-
/* These buffers are used in the handshake
* protocol only. freed using _gnutls_handshake_io_buffer_clear();
*/
@@ -685,11 +677,6 @@ typedef struct
* send.
*/
-
- /* 0 if no peeked data was kept, 1 otherwise.
- */
- int have_peeked_data:1;
-
int expire_time; /* after expire_time seconds this session will
expire */
struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX
algorithms */
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index c91b0d3..a490cfc 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -742,10 +742,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
}
else if (strcasecmp (&broken_list[i][1],
"SSL3_RECORD_VERSION") == 0)
- (*priority_cache)->no_ssl3_record_version = 0;
+ (*priority_cache)->ssl3_record_version = 1;
else if (strcasecmp (&broken_list[i][1],
"LATEST_RECORD_VERSION") == 0)
- (*priority_cache)->no_ssl3_record_version = 1;
+ (*priority_cache)->ssl3_record_version = 0;
else if (strcasecmp (&broken_list[i][1],
"VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
(*priority_cache)->additional_verify_flags |=
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 15405be..4c0278f 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -70,24 +70,6 @@ _gnutls_set_current_version (gnutls_session_t session,
}
/**
- * gnutls_transport_set_lowat:
- * @session: is a #gnutls_session_t structure.
- * @num: is the low water value.
- *
- * Used to set the lowat value in order for select to check if there
- * are pending data to socket buffer. Used only if you have changed
- * the default low water value (default is 1). Normally you will not
- * need that function. This function is only useful if using
- * berkeley style sockets. Otherwise it must be called and set lowat
- * to zero.
- **/
-void
-gnutls_transport_set_lowat (gnutls_session_t session, int num)
-{
- session->internals.lowat = num;
-}
-
-/**
* gnutls_record_disable_padding:
* @session: is a #gnutls_session_t structure.
*
@@ -244,7 +226,6 @@ gnutls_bye (gnutls_session_t session,
gnutls_close_request_t how)
{
do
{
- _gnutls_io_clear_peeked_data (session);
ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0,
NULL);
}
while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
@@ -542,7 +523,7 @@ check_buffers (gnutls_session_t session, content_type_t
type,
type == GNUTLS_CHANGE_CIPHER_SPEC)
&& _gnutls_record_buffer_get_size (type, session) > 0)
{
- int ret, ret2;
+ int ret;
ret = _gnutls_record_buffer_get (type, session, data, data_size, seq);
if (ret < 0)
{
@@ -550,16 +531,6 @@ check_buffers (gnutls_session_t session, content_type_t
type,
return ret;
}
- /* if the buffer just got empty */
- if (_gnutls_record_buffer_get_size (type, session) == 0)
- {
- if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0)
- {
- gnutls_assert ();
- return ret2;
- }
- }
-
return ret;
}
@@ -870,16 +841,12 @@ gnutls_datum_t raw; /* raw headers */
if (gnutls_error_is_fatal (ret) == 0)
return ret;
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
}
ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ return gnutls_assert_val(ret);
_mbuffer_head_get_first (&session->internals.record_recv_buffer, &raw);
if (raw.size < RECORD_HEADER_SIZE(session))
@@ -907,26 +874,19 @@ gnutls_datum_t raw; /* raw headers */
* ok.
*/
if ((ret = check_recv_type (record->type)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ return gnutls_assert_val(ret);
/* Here we check if the advertized version is the one we
* negotiated in the handshake.
*/
if ((ret = record_check_version (session, htype, record->version)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ return gnutls_assert_val(ret);
if (record->length > MAX_RECV_SIZE(session))
{
_gnutls_audit_log
("Received packet with illegal length: %u\n", (unsigned
int)record->length);
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
}
_gnutls_record_log
@@ -976,10 +936,7 @@ begin:
}
else if (session_is_valid (session) != 0
|| session->internals.may_not_read != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
+ return gnutls_assert_val(GNUTLS_E_INVALID_SESSION);
/* get the record state parameters */
ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
@@ -1120,14 +1077,14 @@ discard:
/* discard the whole received fragment. */
bufel = _mbuffer_head_pop_first(&session->internals.record_recv_buffer);
_mbuffer_xfree(&bufel);
- return GNUTLS_E_AGAIN;
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
sanity_check_error:
if (IS_DTLS(session))
{
_gnutls_audit_log("Discarded message[%u] due to invalid decryption\n",
(unsigned int)_gnutls_uint64touint32 (packet_sequence));
- ret = GNUTLS_E_AGAIN;
+ ret = gnutls_assert_val(GNUTLS_E_AGAIN);
goto cleanup;
}
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 70d6742..fdfd595 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -929,7 +929,7 @@ pk_prepare_hash (gnutls_pk_algorithm_t pk,
gnutls_digest_algorithm_t hash, gnutls_datum_t * digest)
{
int ret;
- gnutls_datum old_digest = { digest->data, digest->size };
+ gnutls_datum_t old_digest = { digest->data, digest->size };
switch (pk)
{
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 68dc356..b268971 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -273,20 +273,21 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t
session)
#define MIN_DH_BITS 727
/**
* gnutls_init:
- * @con_end: indicate if this session is to be used for server or client.
* @session: is a pointer to a #gnutls_session_t structure.
+ * @flags: indicate if this session is to be used for server or client.
*
* This function initializes the current session to null. Every
* session must be initialized before use, so internal structures can
* be allocated. This function allocates structures which can only
* be free'd by calling gnutls_deinit(). Returns zero on success.
*
- * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER.
+ * @flags can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER and might
+ * include %GNUTLS_DATAGRAM to enable datagram TLS (DTLS).
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end)
+gnutls_init (gnutls_session_t * session, unsigned int flags)
{
int ret;
record_parameters_st *epoch;
@@ -307,7 +308,7 @@ gnutls_init (gnutls_session_t * session,
gnutls_connection_end_t con_end)
(*session)->security_parameters.epoch_next = 1;
- (*session)->security_parameters.entity = con_end;
+ (*session)->security_parameters.entity =
(flags&GNUTLS_SERVER?GNUTLS_SERVER:GNUTLS_CLIENT);
/* the default certificate type for TLS */
(*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
@@ -334,8 +335,6 @@ gnutls_init (gnutls_session_t * session,
gnutls_connection_end_t con_end)
gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS);
- gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default
for tcp */
-
gnutls_handshake_set_max_packet_length ((*session),
MAX_HANDSHAKE_PACKET_SIZE);
@@ -371,41 +370,16 @@ gnutls_init (gnutls_session_t * session,
gnutls_connection_end_t con_end)
gnutls_transport_set_errno_function (*session, system_errno);
gnutls_transport_set_pull_timeout_function (*session, system_recv_timeout);
- return 0;
-}
-
-/**
- * gnutls_init_dtls - initialize the session like gnutls_init, but
- * with a DTLS compatible transport.
- * @con_end: indicate if this session is to be used for server or client.
- * @session: is a pointer to a #gnutls_session_t structure.
- * @flags: dtls flags for optional behavior.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- **/
-int
-gnutls_init_dtls (gnutls_session_t * session,
- gnutls_connection_end_t con_end,
- gnutls_dtls_flags_t flags)
-{
- int ret;
-
- /* FIXME, we should inhibit the allocation of many buffers that are
- useless with datagram transport. */
- ret = gnutls_init(session, con_end);
-
- if(ret != 0)
- return ret;
-
- /* Flags do nothing, so just copy them into the struct for now. */
- (*session)->internals.dtls.flags = flags;
- (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
- (*session)->internals.transport = GNUTLS_DGRAM;
+ if (flags & GNUTLS_DATAGRAM)
+ {
+ (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
+ (*session)->internals.transport = GNUTLS_DGRAM;
- (*session)->internals.dtls.retrans_timeout = 1000;
- (*session)->internals.dtls.total_timeout = 60000;
+ (*session)->internals.dtls.retrans_timeout = 1000;
+ (*session)->internals.dtls.total_timeout = 60000;
- (*session)->internals.dtls.record_sw_size = 0;
+ (*session)->internals.dtls.record_sw_size = 0;
+ }
return 0;
}
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 3cf9f1d..6c3faec 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1111,7 +1111,7 @@ parse_pem_ca_mem (gnutls_certificate_credentials_t res,
{
gnutls_x509_crt_t *x509_cert_list;
unsigned int x509_ncerts;
- gnutls_datum tmp;
+ gnutls_datum_t tmp;
int ret;
tmp.data = (void*)input_cert;
@@ -1151,7 +1151,7 @@ parse_der_ca_mem (gnutls_certificate_credentials_t res,
const void *input_cert, int input_cert_size)
{
gnutls_x509_crt_t crt;
- gnutls_datum tmp;
+ gnutls_datum_t tmp;
int ret;
tmp.data = (void*)input_cert;
@@ -1362,7 +1362,7 @@ parse_pem_crl_mem (gnutls_x509_trust_list_t tlist,
{
gnutls_x509_crl_t *x509_crl_list;
unsigned int x509_ncrls;
- gnutls_datum tmp;
+ gnutls_datum_t tmp;
int ret;
tmp.data = (void*)input_crl;
@@ -1396,7 +1396,7 @@ parse_der_crl_mem (gnutls_x509_trust_list_t tlist,
const void *input_crl, int input_crl_size)
{
gnutls_x509_crl_t crl;
- gnutls_datum tmp;
+ gnutls_datum_t tmp;
int ret;
tmp.data = (void*)input_crl;
diff --git a/lib/gnutlsxx.cpp b/lib/gnutlsxx.cpp
index d0956f8..aa92bc6 100644
--- a/lib/gnutlsxx.cpp
+++ b/lib/gnutlsxx.cpp
@@ -14,9 +14,9 @@ namespace gnutls
return ret;
}
- session::session (gnutls_connection_end_t end)
+ session::session (unsigned int flags)
{
- RETWRAP (gnutls_init (&s, end));
+ RETWRAP (gnutls_init (&s, flags));
}
session::~session ()
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index 5b778c0..9399e0b 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -19,6 +19,13 @@
#define _GNUTLS_GCC_ATTR_DEPRECATED
#endif
+/* gnutls_connection_end_t was made redundant in 2.99.0 */
+#define gnutls_connection_end_t unsigned int
+
+/* no longer valid since 2.99.0 */
+#define gnutls_transport_set_lowat(session, num)
+
+/* Stuff deprected in 2.x */
#define gnutls_cipher_algorithm gnutls_cipher_algorithm_t
#define gnutls_kx_algorithm gnutls_kx_algorithm_t
#define gnutls_paramsype gnutls_paramsype_t
diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h
index 27b0b4c..9177cf8 100644
--- a/lib/includes/gnutls/dtls.h
+++ b/lib/includes/gnutls/dtls.h
@@ -36,10 +36,6 @@ extern "C"
{
#endif
-int gnutls_init_dtls (gnutls_session_t * session,
- gnutls_connection_end_t con_end,
- gnutls_dtls_flags_t flags);
-
void gnutls_dtls_set_timeouts (gnutls_session_t session, unsigned int
retrans_timeout,
unsigned int total_timeout);
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index c686db6..7e70a33 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -279,17 +279,17 @@ extern "C"
} gnutls_compression_method_t;
/**
- * gnutls_connection_end_t:
+ * Flags for gnutls_init()
+ *
* @GNUTLS_SERVER: Connection end is a server.
* @GNUTLS_CLIENT: Connection end is a client.
+ * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
*
* Enumeration of different TLS connection end types.
*/
- typedef enum
- {
- GNUTLS_SERVER = 1,
- GNUTLS_CLIENT
- } gnutls_connection_end_t;
+#define GNUTLS_SERVER 1
+#define GNUTLS_CLIENT (1<<1)
+#define GNUTLS_DATAGRAM (1<<2)
/**
* gnutls_alert_level_t:
@@ -300,13 +300,6 @@ extern "C"
*/
typedef enum
{
- /* Nothing for now. There will be flags for transport-dependent
- behavior (DCCP, SCTP) here in the future. */
- GNUTLS_DTLS_DUMMY = 0
- } gnutls_dtls_flags_t;
-
- typedef enum
- {
GNUTLS_AL_WARNING = 1,
GNUTLS_AL_FATAL
} gnutls_alert_level_t;
@@ -687,7 +680,7 @@ extern "C"
/* internal functions */
int gnutls_init (gnutls_session_t * session,
- gnutls_connection_end_t con_end);
+ unsigned int flags);
void gnutls_deinit (gnutls_session_t session);
#define _gnutls_deinit(x) gnutls_deinit(x)
@@ -1203,9 +1196,6 @@ extern "C"
gnutls_transport_ptr_t * recv_ptr,
gnutls_transport_ptr_t * send_ptr);
- void gnutls_transport_set_lowat (gnutls_session_t session, int num);
-
-
void gnutls_transport_set_vec_push_function (gnutls_session_t session,
gnutls_vec_push_func vec_func);
void gnutls_transport_set_push_function (gnutls_session_t session,
diff --git a/lib/includes/gnutls/gnutlsxx.h b/lib/includes/gnutls/gnutlsxx.h
index db51a6b..083bedc 100644
--- a/lib/includes/gnutls/gnutlsxx.h
+++ b/lib/includes/gnutls/gnutlsxx.h
@@ -89,7 +89,7 @@ namespace gnutls
protected:
gnutls_session_t s;
public:
- session (gnutls_connection_end_t);
+ session (unsigned int);
virtual ~ session ();
int bye (gnutls_close_request_t how);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 003f99b..b91d291 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -153,7 +153,6 @@ GNUTLS_1_4
gnutls_hex_decode;
gnutls_hex_encode;
gnutls_init;
- gnutls_init_dtls;
gnutls_kx_get;
gnutls_kx_get_id;
gnutls_kx_get_name;
@@ -374,7 +373,6 @@ GNUTLS_1_4
gnutls_transport_get_ptr;
gnutls_transport_set_errno;
gnutls_transport_set_global_errno;
- gnutls_transport_set_lowat;
gnutls_transport_set_ptr2;
gnutls_transport_set_ptr;
gnutls_transport_set_pull_function;
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index b431a80..e1bb607 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -46,7 +46,7 @@ struct gnutls_pkcs11_obj_st
/* only when pubkey */
gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
- gnutls_pk_algorithm pk_algorithm;
+ gnutls_pk_algorithm_t pk_algorithm;
unsigned int key_usage;
};
diff --git a/lib/system.c b/lib/system.c
index 169dd15..0aa569f 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -78,13 +78,13 @@ system_write (gnutls_transport_ptr ptr, const void *data,
size_t data_size)
}
#else /* POSIX */
int
-system_errno (gnutls_transport_ptr ptr)
+system_errno (gnutls_transport_ptr_t ptr)
{
return errno;
}
ssize_t
-system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec,
+system_writev (gnutls_transport_ptr_t ptr, const giovec_t * iovec,
int iovec_cnt)
{
return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec,
@@ -94,13 +94,13 @@ system_writev (gnutls_transport_ptr ptr, const giovec_t *
iovec,
#endif
ssize_t
-system_read (gnutls_transport_ptr ptr, void *data, size_t data_size)
+system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size)
{
return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
}
ssize_t
-system_read_peek (gnutls_transport_ptr ptr, void *data, size_t data_size)
+system_read_peek (gnutls_transport_ptr_t ptr, void *data, size_t data_size)
{
return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, MSG_PEEK);
}
@@ -109,7 +109,7 @@ system_read_peek (gnutls_transport_ptr ptr, void *data,
size_t data_size)
* If data_size > 0 it will return the specified amount of data in
* peek mode.
*/
-int system_recv_timeout(gnutls_transport_ptr ptr, void* data, size_t
data_size, unsigned int ms)
+int system_recv_timeout(gnutls_transport_ptr_t ptr, void* data, size_t
data_size, unsigned int ms)
{
fd_set rfds;
struct timeval tv;
diff --git a/lib/system.h b/lib/system.h
index 207e6fa..bdda73e 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -7,19 +7,19 @@
#include <sys/uio.h> /* for writev */
#endif
-int system_errno (gnutls_transport_ptr);
-int system_recv_timeout(gnutls_transport_ptr ptr,void*data, size_t, unsigned
int ms);
+int system_errno (gnutls_transport_ptr_t);
+int system_recv_timeout(gnutls_transport_ptr_t ptr,void*data, size_t, unsigned
int ms);
#ifdef _WIN32
-ssize_t system_write (gnutls_transport_ptr ptr, const void *data,
+ssize_t system_write (gnutls_transport_ptr_t ptr, const void *data,
size_t data_size);
#else
#define HAVE_WRITEV
-ssize_t system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec,
+ssize_t system_writev (gnutls_transport_ptr_t ptr, const giovec_t * iovec,
int iovec_cnt);
#endif
-ssize_t system_read (gnutls_transport_ptr ptr, void *data, size_t data_size);
-ssize_t system_read_peek (gnutls_transport_ptr ptr, void *data,
+ssize_t system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size);
+ssize_t system_read_peek (gnutls_transport_ptr_t ptr, void *data,
size_t data_size);
#ifdef _WIN32
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 05526fd..6fc1eb9 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -157,4 +157,7 @@ int pubkey_verify_sig (const gnutls_datum_t * tbs,
gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
int issuer_params_size);
+int
+check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
+
#endif
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 9e5fabd..1bd26cb 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -213,7 +213,7 @@ _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
int result;
char name[256];
gnutls_datum_t tmp = { NULL, 0 };
- gnutls_pk_algorithm pk_algorithm;
+ gnutls_pk_algorithm_t pk_algorithm;
result = _gnutls_x509_get_pk_algorithm (asn, root, NULL);
if (result < 0)
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 98d3a95..51252a1 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -40,8 +40,8 @@
#define INIT_HASH 0x33a1
struct node_st {
/* The trusted certificates */
- gnutls_x509_crt_t * crts;
- unsigned int crt_size;
+ gnutls_x509_crt_t * trusted_crts;
+ unsigned int trusted_crt_size;
/* The trusted CRLs */
gnutls_x509_crl_t * crls;
@@ -106,9 +106,9 @@ int i, j;
{
for (i=0;i<list->size;i++)
{
- for (j=0;j<list->node[i].crt_size;j++)
+ for (j=0;j<list->node[i].trusted_crt_size;j++)
{
- gnutls_x509_crt_deinit(list->node[i].crts[j]);
+ gnutls_x509_crt_deinit(list->node[i].trusted_crts[j]);
}
for (j=0;j<list->node[i].crl_size;j++)
{
@@ -154,15 +154,15 @@ uint32_t hash;
hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH);
hash %= list->size;
- list->node[hash].crts = gnutls_realloc_fast( list->node[hash].crts,
(list->node[hash].crt_size+1)*sizeof(list->node[hash].crts[0]));
- if (list->node[hash].crts == NULL)
+ list->node[hash].trusted_crts = gnutls_realloc_fast(
list->node[hash].trusted_crts,
(list->node[hash].trusted_crt_size+1)*sizeof(list->node[hash].trusted_crts[0]));
+ if (list->node[hash].trusted_crts == NULL)
{
gnutls_assert();
return i;
}
- list->node[hash].crts[list->node[hash].crt_size] = clist[i];
- list->node[hash].crt_size++;
+ list->node[hash].trusted_crts[list->node[hash].trusted_crt_size] =
clist[i];
+ list->node[hash].trusted_crt_size++;
_gnutls_free_datum(&dn);
}
@@ -223,13 +223,13 @@ uint32_t hash;
if (flags & GNUTLS_TL_VERIFY_CRL)
{
- ret = gnutls_x509_crl_verify(crl_list[i], list->node[hash].crts,
- list->node[hash].crt_size, verification_flags, &vret);
+ ret = gnutls_x509_crl_verify(crl_list[i],
list->node[hash].trusted_crts,
+ list->node[hash].trusted_crt_size, verification_flags, &vret);
if (ret < 0 || vret != 0)
continue;
}
- list->node[hash].crls = gnutls_realloc_fast( list->node[hash].crls,
(list->node[hash].crl_size+1)*sizeof(list->node[hash].crts[0]));
+ list->node[hash].crls = gnutls_realloc_fast( list->node[hash].crls,
(list->node[hash].crl_size+1)*sizeof(list->node[hash].trusted_crts[0]));
if (list->node[hash].crls == NULL)
{
gnutls_assert();
@@ -244,6 +244,74 @@ uint32_t hash;
return j;
}
+/* Takes a certificate list and shortens it if there are
+ * intermedia certificates already trusted by us.
+ *
+ * FIXME: This is very similar to _gnutls_x509_verify_certificate().
+ *
+ * Returns the new size of the list or a negative number on error.
+ */
+int shorten_clist(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t* certificate_list, int clist_size)
+{
+int i, j, ret;
+uint32_t hash;
+gnutls_datum_t dn;
+
+ if (clist_size > 1)
+ {
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ *
+ * This prevents from verifying self signed certificates against
+ * themselves. This (although not bad) caused verification
+ * failures on some root self signed certificates that use the
+ * MD2 algorithm.
+ */
+ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) > 0)
+ {
+ clist_size--;
+ }
+ }
+
+ /* We want to shorten the chain by removing the cert that matches
+ * one of the certs we trust and all the certs after that i.e. if
+ * cert chain is A signed-by B signed-by C signed-by D (signed-by
+ * self-signed E but already removed above), and we trust B, remove
+ * B, C and D. */
+ for (i=1; i < clist_size; i++)
+ {
+ int j;
+
+ ret = gnutls_x509_crt_get_raw_issuer_dn(certificate_list[i], &dn);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
+
+ hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH);
+ hash %= list->size;
+
+ _gnutls_free_datum(&dn);
+
+ for (j = 0; j < list->node[hash].trusted_crt_size; j++)
+ {
+ if (check_if_same_cert (certificate_list[i],
list->node[hash].trusted_crts[j]) == 0)
+ {
+ /* cut the list at the point of first the trusted certificate */
+ clist_size = i+1;
+ break;
+ }
+ }
+ /* clist_size may have been changed which gets out of loop */
+ }
+
+ return clist_size;
+}
+
/**
* gnutls_x509_trust_list_verify_crt:
@@ -273,10 +341,11 @@ int ret, i;
uint32_t hash;
if (cert_list == NULL || cert_list_size < 1)
- {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ cert_list_size = shorten_clist(list, cert_list, cert_list_size);
+ if (cert_list_size <= 0)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
ret = gnutls_x509_crt_get_raw_issuer_dn(cert_list[cert_list_size-1], &dn);
if (ret < 0)
@@ -291,7 +360,7 @@ uint32_t hash;
_gnutls_free_datum(&dn);
*verify = _gnutls_x509_verify_certificate(cert_list, cert_list_size,
- list->node[hash].crts, list->node[hash].crt_size,
+ list->node[hash].trusted_crts, list->node[hash].trusted_crt_size,
flags, func);
if (*verify != 0) return 0;
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index a33be90..0617949 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -48,7 +48,7 @@ static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
unsigned int *output);
/* Checks if two certs are identical. Return 0 on match. */
-static int
+int
check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
{
gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin =
@@ -935,7 +935,7 @@ _gnutls_dsa_q_to_hash (bigint_t q)
int
_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
const gnutls_datum_t * signature,
- gnutls_pk_algorithm pk,
+ gnutls_pk_algorithm_t pk,
bigint_t * issuer_params,
unsigned int issuer_params_size)
{
diff --git a/libextra/includes/gnutls/openssl.h
b/libextra/includes/gnutls/openssl.h
index 7ea8b7c..86ae199 100644
--- a/libextra/includes/gnutls/openssl.h
+++ b/libextra/includes/gnutls/openssl.h
@@ -100,7 +100,7 @@ extern "C"
typedef struct
{
char priority_string[256];
- gnutls_connection_end_t connend;
+ unsigned int connend;
} SSL_METHOD;
typedef struct
diff --git a/src/certtool-common.h b/src/certtool-common.h
index bf08db2..bcc79d1 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -61,7 +61,7 @@ gnutls_x509_crq_t load_request (common_info_st * info);
gnutls_x509_privkey_t load_ca_private_key (common_info_st * info);
gnutls_x509_crt_t load_ca_cert (common_info_st * info);
gnutls_x509_crt_t load_cert (int mand, common_info_st * info);
-gnutls_datum *load_secret_key (int mand, common_info_st * info);
+gnutls_datum_t *load_secret_key (int mand, common_info_st * info);
gnutls_pubkey_t load_pubkey (int mand, common_info_st * info);
gnutls_x509_crt_t *load_cert_list (int mand, size_t * size,
common_info_st * info);
diff --git a/src/certtool.c b/src/certtool.c
index 520b781..5167323 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -60,7 +60,7 @@ void generate_pkcs12 (common_info_st *);
void generate_pkcs8 (common_info_st *);
static void verify_chain (void);
void verify_crl (common_info_st * cinfo);
-void pubkey_info (gnutls_x509_crt crt, common_info_st *);
+void pubkey_info (gnutls_x509_crt_t crt, common_info_st *);
void pgp_privkey_info (void);
void pgp_ring_info (void);
void certificate_info (int, common_info_st *);
@@ -764,7 +764,7 @@ generate_crl (gnutls_x509_crt_t ca_crt, common_info_st *
cinfo)
}
static gnutls_digest_algorithm_t
-get_dig (gnutls_x509_crt crt)
+get_dig (gnutls_x509_crt_t crt)
{
gnutls_digest_algorithm_t dig;
gnutls_pubkey_t pubkey;
@@ -1969,7 +1969,7 @@ static int detailed_verification(gnutls_x509_crt_t cert,
if (crl != NULL)
{
- gnutls_datum data;
+ gnutls_datum_t data;
issuer_name_size = sizeof (issuer_name);
ret =
@@ -2855,7 +2855,7 @@ print_key_usage (FILE * outfile, unsigned int usage)
}
void
-pubkey_info (gnutls_x509_crt crt, common_info_st * cinfo)
+pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
{
gnutls_pubkey_t pubkey;
unsigned int bits, usage;
diff --git a/src/cli.c b/src/cli.c
index 65d2cf5..f9ceda3 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -554,7 +554,7 @@ init_tls_session (const char *hostname)
if (udp)
{
- gnutls_init_dtls (&session, GNUTLS_CLIENT, 0);
+ gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
if (mtu)
gnutls_dtls_set_mtu(session, mtu);
}
diff --git a/src/common.c b/src/common.c
index 81bb153..7971c7b 100644
--- a/src/common.c
+++ b/src/common.c
@@ -490,7 +490,7 @@ print_info (gnutls_session_t session, const char *hostname,
int insecure)
if (verbose)
{
- gnutls_datum cb;
+ gnutls_datum_t cb;
int rc;
rc =
diff --git a/src/pkcs11.c b/src/pkcs11.c
index c6aceb5..6244637 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -394,7 +394,7 @@ pkcs11_export (FILE * outfile, const char *url, unsigned
int login,
break;
default:
{
- gnutls_datum data, enc;
+ gnutls_datum_t data, enc;
size = buffer_size;
ret = gnutls_pkcs11_obj_export (crt, buffer, &size);
diff --git a/src/serv.c b/src/serv.c
index 461aa0f..7b60147 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -333,7 +333,7 @@ gnutls_session_t initialize_session (int dtls)
const char *err;
if (dtls)
- gnutls_init_dtls (&session, GNUTLS_SERVER, 0);
+ gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM);
else
gnutls_init (&session, GNUTLS_SERVER);
diff --git a/src/udp-serv.c b/src/udp-serv.c
index 8ac3158..f77961c 100644
--- a/src/udp-serv.c
+++ b/src/udp-serv.c
@@ -15,7 +15,7 @@ typedef struct {
socklen_t cli_addr_size;
} priv_data_st;
-static int pull_timeout_func(gnutls_transport_ptr ptr, void* data, size_t
data_size, unsigned int ms);
+static int pull_timeout_func(gnutls_transport_ptr_t ptr, void* data, size_t
data_size, unsigned int ms);
static ssize_t push_func (gnutls_transport_ptr_t p, const void * data, size_t
size);
static ssize_t pull_func(gnutls_transport_ptr_t p, void * data, size_t size);
@@ -111,7 +111,7 @@ int udp_server(const char* name, int port, int mtu)
/* Wait for data to be received within a timeout period in milliseconds
*/
-static int pull_timeout_func(gnutls_transport_ptr ptr, void* data, size_t
data_size, unsigned int ms)
+static int pull_timeout_func(gnutls_transport_ptr_t ptr, void* data, size_t
data_size, unsigned int ms)
{
fd_set rfds;
struct timeval tv;
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-283-g562320f,
Nikos Mavrogiannopoulos <=