
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-51-g565f2c3


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-51-g565f2c3
Date: Sun, 07 Oct 2012 10:12:12 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=565f2c39c51af3c05dfc25362dca83d32187430d

The branch, master has been updated
       via  565f2c39c51af3c05dfc25362dca83d32187430d (commit)
       via  e25f212040b5ddf0e5958c13346a0ab353d92cb7 (commit)
      from  29d8329019ef8c17aecb8a757aea853ffb7f48c5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 565f2c39c51af3c05dfc25362dca83d32187430d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Oct 7 12:10:59 2012 +0200

    Bug fixes in DANE.
    
    Corrected packet length parsing and removed the verify
    options DANE_VERIFY_DNSSEC_DATA_INVALID and DANE_VERIFY_NO_DNSSEC_DATA.
    There is no longer any use for them since using the DANE API requires DNSSEC.

commit e25f212040b5ddf0e5958c13346a0ab353d92cb7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Oct 7 11:54:49 2012 +0200

    corrected versions

-----------------------------------------------------------------------

Summary of changes:
 lib/x509/crl.c                 |    2 +-
 lib/x509/crq.c                 |    2 +-
 lib/x509/privkey.c             |    2 +-
 lib/x509/privkey_pkcs8.c       |    2 +-
 libdane/dane.c                 |   17 ++++-------------
 libdane/includes/gnutls/dane.h |    4 ----
 src/cli.c                      |    4 ----
 7 files changed, 8 insertions(+), 25 deletions(-)

diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 2565e9c..8acc64c 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -653,7 +653,7 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl,
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value. and a negative error code on failure.
  *
- * Since 3.1
+ * Since 3.1.3
  **/
 int
 gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 5651cb0..28c9d70 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1172,7 +1172,7 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq,
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
- * Since 3.1
+ * Since 3.1.3
  **/
 int
 gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 875d1f4..c5738fd 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1087,7 +1087,7 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
- * Since 3.1
+ * Since 3.1.3
  **/
 int
 gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 42d3c51..27c8da0 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -685,7 +685,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
  * Returns: In case of failure a negative error code will be
  *   returned, and 0 on success.
  *
- * Since 3.1
+ * Since 3.1.3
  **/
 int
 gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
diff --git a/libdane/dane.c b/libdane/dane.c
index ebf362c..e008ad8 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -234,7 +234,7 @@ int dane_query_resolve_tlsa(dane_query_t q, const char* 
host, const char* proto,
                q->type[i] = q->result->data[i][1];
                q->match[i] = q->result->data[i][2];
                q->data[i].data = (void*)&q->result->data[i][3];
-               q->data[i].size = q->result->len[i];
+               q->data[i].size = q->result->len[i] - 3;
                i++;
        } while(q->result->data[i] != NULL);
        
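Review bot: The new `q->result->len[i] - 3` is computed with no visible check that the record holds at least the three header bytes, while the lines above it already read `data[i][1]` and `data[i][2]` and take the address of `data[i][3]`. For a TLSA answer shorter than that, the subtraction goes negative and, stored in the unsigned `size` field of the datum, becomes a very large length that later consumers would trust. I would guard the loop body with `if (q->result->len[i] < 3)` and fail the query with the library's error code for malformed data before any of those bytes are touched. Since this commit also drops the query-status check from dane_verify_crt, this function is presumably the only place left that vets the answer. The loop and the function body start and end outside the hunk, so an earlier check may exist that is not visible here.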
@@ -273,7 +273,7 @@ int ret;
                return 1;
        } else if (match == DANE_MATCH_SHA2_256) {
 
-               if (raw2->size < 32)
+               if (raw2->size != 32)
                        return 0;
                
                ret = gnutls_hash_fast(GNUTLS_DIG_SHA256, raw1->data, 
raw1->size, digest);
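Review bot: The literals `32` here and `64` in the SHA2-512 branch of the next hunk are unexplained, and nothing records why the length test had to become exact. A short comment such as `/* association data must be exactly one digest long; a longer record must not match on its prefix */` would keep a later edit from relaxing it back to `<`, and `gnutls_hash_get_len(GNUTLS_DIG_SHA256)` could replace the literal. The comparison against `digest` lies outside the hunk, so the prefix-match reading is inferred rather than visible.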
@@ -285,7 +285,7 @@ int ret;
                
                return 1;
        } else if (match == DANE_MATCH_SHA2_512) {
-               if (raw2->size < 64)
+               if (raw2->size != 64)
                        return 0;
                
                ret = gnutls_hash_fast(GNUTLS_DIG_SHA512, raw1->data, 
raw1->size, digest);
@@ -445,7 +445,7 @@ int dane_verify_crt (
 {
 dane_query_t q;
 int ret;
-unsigned int usage, type, match, idx, status;
+unsigned int usage, type, match, idx;
 gnutls_datum_t data;
        
        if (chain_type != GNUTLS_CRT_X509)
@@ -463,15 +463,6 @@ gnutls_datum_t data;
                goto cleanup;
        }
 
-       status = dane_query_status(q);
-       if (status == DANE_QUERY_BOGUS) {
-               *verify |= DANE_VERIFY_DNSSEC_DATA_INVALID;
-               goto cleanup;
-       } else if (status == DANE_QUERY_NO_DNSSEC) {
-               *verify |= DANE_VERIFY_NO_DNSSEC_DATA;
-               goto cleanup;
-       }
-
        idx = 0;
        do {
                ret = dane_query_data(q, idx++, &usage, &type, &match, &data);
diff --git a/libdane/includes/gnutls/dane.h b/libdane/includes/gnutls/dane.h
index 9a3a5e8..366d10a 100644
--- a/libdane/includes/gnutls/dane.h
+++ b/libdane/includes/gnutls/dane.h
@@ -107,8 +107,6 @@ unsigned int dane_query_entries(dane_query_t q);
  * @DANE_VERIFY_CA_CONSTRAINS_VIOLATED: The CA constrains was violated.
  * @DANE_VERIFY_CERT_DIFFERS: The certificate obtained via DNS differs.
  * @DANE_VERIFY_NO_DANE_INFO: No DANE data were found in the DNS record.
- * @DANE_VERIFY_DNSSEC_DATA_INVALID: The DNSSEC data are invalid.
- * @DANE_VERIFY_NO_DNSSEC_DATA: The DNS data were not signed using DNSSEC.
  *
  * Enumeration of different verification status flags.
  */
@@ -117,8 +115,6 @@ typedef enum dane_verify_status_t
   DANE_VERIFY_CA_CONSTRAINS_VIOLATED = 1,
   DANE_VERIFY_CERT_DIFFERS = 1<<1,
   DANE_VERIFY_NO_DANE_INFO = 1<<2,
-  DANE_VERIFY_DNSSEC_DATA_INVALID = 1<<3,
-  DANE_VERIFY_NO_DNSSEC_DATA = 1<<4,
 } dane_verify_status_t;
 
 /**
diff --git a/src/cli.c b/src/cli.c
index 179e274..ca3a4f8 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -503,10 +503,6 @@ cert_verify_callback (gnutls_session_t session)
                 fprintf(stderr, "- The certificate differs.\n");
               if (status & DANE_VERIFY_NO_DANE_INFO)
                 fprintf(stderr, "- There was no DANE information.\n");
-              if (status & DANE_VERIFY_DNSSEC_DATA_INVALID)
-                fprintf(stderr, "- The DNSSEC signature is invalid.\n");
-              if (status & DANE_VERIFY_NO_DNSSEC_DATA)
-                fprintf(stderr, "- There was no DNSSEC signature.\n");
               if (!insecure)
                 return -1;
             }


hooks/post-receive
-- 
GNU gnutls


