
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-130-g240cae9


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-130-g240cae9
Date: Wed, 31 Aug 2011 14:57:27 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=240cae972d30ca4de7ead5f85b8bea113bef437a

The branch, master has been updated
       via  240cae972d30ca4de7ead5f85b8bea113bef437a (commit)
       via  169c735162ab5ae822ac78223ac41db6c84e5ba5 (commit)
       via  8cf2b1124020d25a9afc97d25f48e60f7e751ff1 (commit)
      from  64fe6c9095c81c943e40c5dcfe37d3b83e18f6ad (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 NEWS                   |    8 ++++++++
 doc/cha-gtls-app.texi  |    5 +++++
 doc/printlist.c        |    2 +-
 lib/gnutls_handshake.c |   31 ++++++++++++++++++-------------
 lib/gnutls_int.h       |    9 +++++----
 lib/gnutls_priority.c  |   15 ++++++++++++---
 6 files changed, 49 insertions(+), 21 deletions(-)

diff --git a/NEWS b/NEWS
index 7bfcd36..e1e245d 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,14 @@ See the end for copying conditions.
 
 * Version 3.0.2 (unreleased)
 
+** libgnutls: OpenPGP certificate type is not enabled
+by default.
+
+** libgnutls: Added %NO_EXTENSIONS priority string.
+
+** libgnutls: Corrected issue in gnutls_record_recv()
+triggered on encryption or compression error.
+
 ** libgnutls: Compatibility fixes in CPU ID detection 
 for i386 and old GCC.
 
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index ea43dde..b1d364e 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -402,6 +402,11 @@ will enable compatibility mode. It might mean that violations
 of the protocols are allowed as long as maximum compatibility with
 problematic clients and servers is achieved.
 
address@hidden %NO_EXTENSIONS @tab
+will prevent the sending of any TLS extensions in client side. Note
+that TLS 1.2 requires extensions to be used, thus this option must
+be used with care.
+
 @item %DISABLE_SAFE_RENEGOTIATION @tab
 will disable safe renegotiation
 completely.  Do not use unless you know what you are doing.
diff --git a/doc/printlist.c b/doc/printlist.c
index ac6c1d2..3abea70 100644
--- a/doc/printlist.c
+++ b/doc/printlist.c
@@ -200,7 +200,7 @@ const char* _name;
 
 puts( headers);
 
-printf("\\begin{supertabular}{|p{.60\\linewidth}|p{.15\\linewidth}|p{.10\\linewidth}|}\n");
+printf("\\begin{supertabular}{|p{.64\\linewidth}|p{.12\\linewidth}|p{.09\\linewidth}|}\n");
 
   {
     size_t i;
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e214ea0..9617ac9 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1841,7 +1841,8 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
        */
       if (!session->internals.initial_negotiation_completed &&
           session->security_parameters.entity == GNUTLS_CLIENT &&
-          gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+          (gnutls_protocol_get_version (session) == GNUTLS_SSL3 || 
+          session->internals.priorities.no_extensions != 0))
         {
           ret =
             _gnutls_copy_ciphersuites (session, &extdata, TRUE);
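Review bot: The comment that closes just above this condition starts outside the hunk, and if it still explains the `TRUE` argument only in terms of SSL 3.0 it no longer matches the test, which now also fires when `no_extensions` is set. A line such as `/* also taken with %NO_EXTENSIONS, where no extension can be sent in the initial hello */` would keep it accurate. The branch is still limited to `!initial_negotiation_completed`, so whatever `TRUE` adds to the ciphersuite list (presumably the renegotiation signalling value, not visible here) does not cover a later rehandshake.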
@@ -1868,21 +1869,25 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
 
       /* Generate and copy TLS extensions.
        */
-      if (_gnutls_version_has_extensions (hver))
-        type = GNUTLS_EXT_ANY;
-      else
+      if (session->internals.priorities.no_extensions == 0)
         {
-          if (session->internals.initial_negotiation_completed != 0)
-            type = GNUTLS_EXT_MANDATORY;
+          if (_gnutls_version_has_extensions (hver))
+            type = GNUTLS_EXT_ANY;
           else
-            type = GNUTLS_EXT_NONE;
-        }
+            {
+              if (session->internals.initial_negotiation_completed != 0)
+                type = GNUTLS_EXT_MANDATORY;
+              else
+                type = GNUTLS_EXT_NONE;
+            }
+
+          ret = _gnutls_gen_extensions (session, &extdata, type);
+          if (ret < 0)
+            {
+              gnutls_assert();
+              goto cleanup;
+            }
 
-      ret = _gnutls_gen_extensions (session, &extdata, type);
-      if (ret < 0)
-        {
-          gnutls_assert();
-          goto cleanup;
         }
 
       ret = _mbuffer_append_data (bufel, extdata.data, extdata.length);
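Review bot: Wrapping the whole block in `no_extensions == 0` also skips the `GNUTLS_EXT_MANDATORY` case that the old code reached when `initial_negotiation_completed != 0`, so a client using %NO_EXTENSIONS sends no extensions on a rehandshake either. If the mandatory set is what carries the renegotiation binding (inferred from the name; the extension table is not in this hunk), a rehandshake goes out without it, and the extra ciphersuite handling in the previous hunk applies only before the initial negotiation completes. Consider keeping that path with `else if (session->internals.initial_negotiation_completed != 0) type = GNUTLS_EXT_MANDATORY;` ahead of the `_gnutls_gen_extensions` call, or state in the documentation that %NO_EXTENSIONS gives up safe renegotiation on rehandshake. The function body starts and ends outside the hunk.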
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index c0df2a5..7ad7720 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -553,11 +553,12 @@ struct gnutls_priority_st
   priority_st supported_ecc;
 
   /* to disable record padding */
-  int no_padding:1;
-  int allow_large_records:1;
+  unsigned int no_extensions:1;
+  unsigned int no_padding:1;
+  unsigned int allow_large_records:1;
   safe_renegotiation_t sr;
-  int ssl3_record_version:1;
-  int additional_verify_flags;
+  unsigned int ssl3_record_version:1;
+  unsigned int additional_verify_flags;
 };
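Review bot: `no_extensions` was inserted directly under `/* to disable record padding */`, so that comment now labels the wrong field. Give the new member its own comment, e.g. `/* do not send TLS extensions in the client hello (%NO_EXTENSIONS) */`, and keep the padding comment next to `no_padding`. The move to `unsigned int` for the one-bit fields is the right direction, since a signed one-bit field cannot portably hold the value 1 that the parser assigns. The struct definition starts outside the hunk.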
 
 
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 90e7006..22641bf 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -486,7 +486,12 @@ static const int mac_priority_secure192[] = {
   0
 };
 
-static int cert_type_priority[] = {
+static const int cert_type_priority_default[] = {
+  GNUTLS_CRT_X509,
+  0
+};
+
+static const int cert_type_priority_all[] = {
   GNUTLS_CRT_X509,
   GNUTLS_CRT_OPENPGP,
   0
@@ -681,7 +686,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
     {
       _set_priority (&(*priority_cache)->protocol, protocol_priority);
       _set_priority (&(*priority_cache)->compression, comp_priority);
-      _set_priority (&(*priority_cache)->cert_type, cert_type_priority);
+      _set_priority (&(*priority_cache)->cert_type, cert_type_priority_default);
       _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
       _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
       i = 0;
@@ -845,7 +850,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
               if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
                 {
                   bulk_fn (&(*priority_cache)->cert_type,
-                                 cert_type_priority);
+                                 cert_type_priority_all);
                 }
               else
                 {
@@ -899,6 +904,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
               (*priority_cache)->no_padding = 1;
               (*priority_cache)->allow_large_records = 1;
             }
+          else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
+            {
+              (*priority_cache)->no_extensions = 1;
+            }
           else if (strcasecmp (&broken_list[i][1],
                                "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
             {
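Review bot: The new `NO_EXTENSIONS` branch sets the flag without looking at the rest of the priority string, so it can be combined with TLS 1.2 or with a safe-renegotiation setting without any diagnostic, although the documentation added in this commit says TLS 1.2 requires extensions. A debug-level log line when the flag is set, or a consistency check once parsing has finished, would make that combination visible to whoever audits a deployed priority string. The diffstat also lists no test file, so nothing exercises the new keyword or the changed certificate-type default. The if/else chain starts and continues outside the hunk.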


hooks/post-receive
-- 
GNU gnutls


