
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-54-g4da9342


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-54-g4da9342
Date: Sun, 07 Oct 2012 22:12:28 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4da9342263784dada84671893a6b41cd52e38701

The branch, master has been updated
       via  4da9342263784dada84671893a6b41cd52e38701 (commit)
       via  f9c88ed32a9cc6fdc03ddd2075b3073bf2215311 (commit)
       via  1612a16ed2dd736083204b5696f6d7ad3bdd0a7b (commit)
      from  565f2c39c51af3c05dfc25362dca83d32187430d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4da9342263784dada84671893a6b41cd52e38701
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Oct 7 23:55:47 2012 +0200

    The session ticket and OCSP certificate status extensions are enabled by 
default.
    
    In client side gnutls_init() enables the session ticket and
    OCSP certificate status request extensions by default. The flag
    GNUTLS_NO_EXTENSIONS can be used to prevent that.

commit f9c88ed32a9cc6fdc03ddd2075b3073bf2215311
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Oct 7 23:36:31 2012 +0200

    save some memory by removing unused ASN.1 structures.

commit 1612a16ed2dd736083204b5696f6d7ad3bdd0a7b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Oct 7 12:57:57 2012 +0200

    corrected version number

-----------------------------------------------------------------------

Summary of changes:
 NEWS                            |    4 ++++
 doc/examples/ex-client-resume.c |    3 ---
 doc/examples/ex-client-x509.c   |    4 ----
 lib/gnutls_pubkey.c             |    2 +-
 lib/gnutls_state.c              |   12 ++++++++++++
 lib/includes/gnutls/gnutls.h.in |    2 ++
 lib/pkix.asn                    |   24 +++++++-----------------
 lib/pkix_asn1_tab.c             |   18 ++----------------
 src/cli-args.c                  |    2 +-
 src/cli-args.h                  |    2 +-
 src/tls_test.c                  |    2 +-
 tests/resume-dtls.c             |    2 +-
 tests/resume.c                  |    2 +-
 13 files changed, 33 insertions(+), 46 deletions(-)

diff --git a/NEWS b/NEWS
index f22d2ca..9854b55 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,10 @@ Reported by danblack at 
http://savannah.gnu.org/support/?108146
 ** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP
 response corresponds to the given certificate.
 
+** libgnutls: In client side gnutls_init() enables the session ticket and
+OCSP certificate status request extensions by default. The flag
+GNUTLS_NO_EXTENSIONS can be used to prevent that.
+
 ** libdane: Added. It is a library to provide DANE with DNSSEC certificate
 verification.
 
diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c
index a9417ce..0fe2a88 100644
--- a/doc/examples/ex-client-resume.c
+++ b/doc/examples/ex-client-resume.c
@@ -47,9 +47,6 @@ main (void)
       sd = tcp_connect ();
 
       gnutls_init (&session, GNUTLS_CLIENT);
-      /* enable useful extensions */
-      gnutls_session_ticket_enable_client(session);
-      gnutls_ocsp_status_request_enable_client(session, NULL, 0, NULL);
 
       gnutls_priority_set_direct (session, "PERFORMANCE:!ARCFOUR-128", NULL);
 
diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c
index ce55b20..6939ba3 100644
--- a/doc/examples/ex-client-x509.c
+++ b/doc/examples/ex-client-x509.c
@@ -55,10 +55,6 @@ int main (void)
   
   gnutls_session_set_ptr (session, (void *) "my_host_name");
 
-  /* enable useful extensions */
-  gnutls_session_ticket_enable_client(session);
-  gnutls_ocsp_status_request_enable_client(session, NULL, 0, NULL);
-
   gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name", 
                           strlen("my_host_name"));
 
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index 36e9cee..c492445 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -2026,7 +2026,7 @@ void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key,
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
- * Since: 3.1.0
+ * Since: 3.1.3
  **/
 int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t pkey,
                                     const gnutls_datum_t * data,
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 5793c5c..a9a1ea0 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -295,6 +295,11 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t 
session)
  * also available. The latter flag will enable a non-blocking
  * operation of the DTLS timers. 
  *
+ * Note that since version 3.1.2 this function enables some common
+ * TLS extensions such as session tickets and OCSP certificate status
+ * request in client side by default. To prevent that use the 
%GNUTLS_NO_EXTENSIONS
+ * flag.
+ *
  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
  **/
 int
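Review bot: The added paragraph says the extensions are enabled "since version 3.1.2", but this commit sits after the gnutls_3_1_2 tag and the sibling hunk in lib/gnutls_pubkey.c corrects a "Since:" line to 3.1.3, so 3.1.2 looks like the wrong release for this behaviour; please confirm and change it to `Note that since version 3.1.3 this function enables some common`. It would also help readers to say that requesting the OCSP status does not by itself validate the stapled response, since as far as this diff shows the caller still has to fetch and check it (NEWS mentions gnutls_ocsp_resp_check_crt() for that purpose). The comment block being edited begins before this hunk.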
@@ -402,6 +407,13 @@ gnutls_init (gnutls_session_t * session, unsigned int 
flags)
   else
     (*session)->internals.dtls.blocking = 1;
 
+  /* Enable useful extensions */
+  if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS))
+    {
+      gnutls_session_ticket_enable_client(*session);
+      gnutls_ocsp_status_request_enable_client(*session, NULL, 0, NULL);
+    }
+
   return 0;
 }
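Review bot: The return values of gnutls_session_ticket_enable_client() and gnutls_ocsp_status_request_enable_client() are discarded in the new block, so if either fails (both return an int error code, allocation being the obvious cause) gnutls_init() still reports success and hands back a session that silently lacks the extension the documentation now promises. Callers that rely on the new default to obtain a stapled OCSP status would then have no way to notice. I would propagate the error and release the partly built session; the cleanup below assumes gnutls_deinit() is the right teardown here — if gnutls_init() already has an earlier failure path that frees *session, reuse that instead. gnutls_init() begins before this hunk.
```c
  /* Enable useful extensions */
  if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS))
    {
      int ret = gnutls_session_ticket_enable_client(*session);
      if (ret >= 0)
        ret = gnutls_ocsp_status_request_enable_client(*session, NULL, 0, NULL);
      if (ret < 0)
        {
          /* do not return a half-configured session to the caller */
          gnutls_deinit(*session);
          *session = NULL;
          return ret;
        }
    }

  return 0;
```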
 
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 51e594e..ec553a0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -295,12 +295,14 @@ extern "C"
    * @GNUTLS_CLIENT: Connection end is a client.
    * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
    * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
+   * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default.
    *
    */
 #define GNUTLS_SERVER 1
 #define GNUTLS_CLIENT (1<<1)
 #define GNUTLS_DATAGRAM (1<<2)
 #define GNUTLS_NONBLOCK (1<<3)
+#define GNUTLS_NO_EXTENSIONS (1<<4)
 
 /**
  * gnutls_alert_level_t:
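Review bot: The new doc line for GNUTLS_NO_EXTENSIONS claims it prevents "any TLS extensions" from being enabled by default, but the only code gated on it (the new block in lib/gnutls_state.c) skips just the session ticket and OCSP status request extensions on the client side; anything enabled elsewhere is unaffected. A flag name this broad with a comment this broad will lead users to expect more than it does, so I would make the comment match the code: `* @GNUTLS_NO_EXTENSIONS: Do not enable the session ticket and OCSP status request extensions by default (client side).` If the intent is for the flag to grow to cover further defaults later, say so explicitly rather than implying it already does.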
diff --git a/lib/pkix.asn b/lib/pkix.asn
index d892c26..3f1682c 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -116,11 +116,11 @@ AccessDescription  ::=  SEQUENCE {
 
 -- CRL number extension OID and syntax
 
-CRLNumber ::= INTEGER (0..MAX)
+-- CRLNumber ::= INTEGER (0..MAX)
 
 -- certificate issuer CRL entry extension OID and syntax
 
-CertificateIssuer ::= GeneralNames
+-- CertificateIssuer ::= GeneralNames
 
 -- --------------------------------------
 --  EXPLICIT
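Review bot: Dropping CRLNumber and CertificateIssuer (and, in the later hunks of this file, PostalAddress, Pkcs9email, ArchiveCutoff, AcceptableResponses and ServiceLocator) from the schema is not a compile-time-checked change: any asn1_create_element() call elsewhere in the tree that still names e.g. "PKIX1.CRLNumber" would compile fine and only fail at runtime with an element-not-found error. Please confirm with a search over lib/ that none of the removed type names is referenced by string before relying on the regenerated table. I would also leave a short comment next to the commented-out definitions, e.g. `-- CRLNumber is decoded without a schema element; see the CRL extension code`, so the next person does not re-add them without checking. Separately, the regenerated lib/pkix_asn1_tab.c now declares the table as asn_static_node_t, which presumably requires a libtasn1 that provides that name — worth checking that the configure-time libtasn1 version requirement was bumped to match.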
@@ -182,13 +182,13 @@ id-at           OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) 
ds(5) 4}
 -- Maybe this is inefficient and memory consuming. Should we replace with
 -- a table that maps OIDs to structures?
 
-PostalAddress ::= SEQUENCE OF DirectoryString
+-- PostalAddress ::= SEQUENCE OF DirectoryString
 
  -- Legacy attributes
 
 emailAddress AttributeType      ::= { iso(1) member-body(2) us(840) 
rsadsi(113549) pkcs(1) 9 1 }
 
-Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
+-- Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
 
 -- naming data types --
 
@@ -612,11 +612,9 @@ ResponseData ::= SEQUENCE {
 
 ResponderID ::= CHOICE {
 -- Changed to work with the libtasn1 parser.
-   byName   [1] EXPLICIT RDNSequence, --Name,
-   byKey    [2] KeyHash }
-
-KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
-                         --(excluding the tag and length fields)
+   byName   [1] EXPLICIT RDNSequence, --Name
+   byKey    [2] OCTET STRING --SHA-1 hash of responder's public key 
+}
 
 SingleResponse ::= SEQUENCE {
    certID                       CertID,
@@ -636,14 +634,6 @@ RevokedInfo ::= SEQUENCE {
 
 UnknownInfo ::= NULL -- this can be replaced with an enumeration
 
-ArchiveCutoff ::= GeneralizedTime
-
-AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-
-ServiceLocator ::= SEQUENCE {
-    issuer    Name,
-    locator   AuthorityInfoAccessSyntax }
-
 -- rfc5280
 
 CRLReason ::= ENUMERATED {
diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c
index abd3b84..be8bcd5 100644
--- a/lib/pkix_asn1_tab.c
+++ b/lib/pkix_asn1_tab.c
@@ -4,7 +4,7 @@
 
 #include <libtasn1.h>
 
-const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
+const asn_static_node_t pkix_asn1_tab[] = {
   { "PKIX1", 536875024, NULL },
   { NULL, 1073741836, NULL },
   { "id-pkix", 1879048204, NULL },
@@ -103,9 +103,6 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   { "AccessDescription", 1610612741, NULL },
   { "accessMethod", 1073741836, NULL },
   { "accessLocation", 2, "GeneralName"},
-  { "CRLNumber", 1611137027, NULL },
-  { "0", 10, "MAX"},
-  { "CertificateIssuer", 1073741826, "GeneralNames"},
   { "NumericString", 1610620935, NULL },
   { NULL, 4360, "18"},
   { "IA5String", 1610620935, NULL },
@@ -134,8 +131,6 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   { "joint-iso-ccitt", 1073741825, "2"},
   { "ds", 1073741825, "5"},
   { NULL, 1, "4"},
-  { "PostalAddress", 1610612747, NULL },
-  { NULL, 2, "DirectoryString"},
   { "emailAddress", 1880096780, "AttributeType"},
   { "iso", 1073741825, "1"},
   { "member-body", 1073741825, "2"},
@@ -144,8 +139,6 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   { "pkcs", 1073741825, "1"},
   { NULL, 1073741825, "9"},
   { NULL, 1, "1"},
-  { "Pkcs9email", 1612709890, "IA5String"},
-  { "ub-emailaddress-length", 524298, "1"},
   { "Name", 1610612754, NULL },
   { "rdnSequence", 2, "RDNSequence"},
   { "RDNSequence", 1610612747, NULL },
@@ -458,9 +451,8 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   { "ResponderID", 1610612754, NULL },
   { "byName", 1610620930, "RDNSequence"},
   { NULL, 2056, "1"},
-  { "byKey", 536879106, "KeyHash"},
+  { "byKey", 536879111, NULL },
   { NULL, 4104, "2"},
-  { "KeyHash", 1073741831, NULL },
   { "SingleResponse", 1610612741, NULL },
   { "certID", 1073741826, "CertID"},
   { "certStatus", 1073741826, "CertStatus"},
@@ -481,12 +473,6 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   { "revocationReason", 536895490, "CRLReason"},
   { NULL, 2056, "0"},
   { "UnknownInfo", 1073741844, NULL },
-  { "ArchiveCutoff", 1082130449, NULL },
-  { "AcceptableResponses", 1610612747, NULL },
-  { NULL, 12, NULL },
-  { "ServiceLocator", 1610612741, NULL },
-  { "issuer", 1073741826, "Name"},
-  { "locator", 2, "AuthorityInfoAccessSyntax"},
   { "CRLReason", 537133077, NULL },
   { "unspecified", 1073741825, "0"},
   { "keyCompromise", 1073741825, "1"},
diff --git a/src/cli-args.c b/src/cli-args.c
index 5855918..819ac38 100644
--- a/src/cli-args.c
+++ b/src/cli-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (cli-args.c)
  *  
- *  It has been AutoGen-ed  October  7, 2012 at 12:14:56 AM by AutoGen 5.16
+ *  It has been AutoGen-ed  October  7, 2012 at 01:02:46 PM by AutoGen 5.16
  *  From the definitions    cli-args.def
  *  and the template file   options
  *
diff --git a/src/cli-args.h b/src/cli-args.h
index 55d2138..f2ad811 100644
--- a/src/cli-args.h
+++ b/src/cli-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (cli-args.h)
  *  
- *  It has been AutoGen-ed  October  7, 2012 at 12:14:56 AM by AutoGen 5.16
+ *  It has been AutoGen-ed  October  7, 2012 at 01:02:46 PM by AutoGen 5.16
  *  From the definitions    cli-args.def
  *  and the template file   options
  *
diff --git a/src/tls_test.c b/src/tls_test.c
index 67ff904..f4f61b1 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -275,7 +275,7 @@ main (int argc, char **argv)
               continue;
             }
         }
-      ERR (err, "connect") gnutls_init (&state, GNUTLS_CLIENT);
+      ERR (err, "connect") gnutls_init (&state, 
GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);
       gnutls_transport_set_ptr (state, (gnutls_transport_ptr_t)
                                 gl_fd_to_handle (sd));
 
diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c
index 03f606c..3e56645 100644
--- a/tests/resume-dtls.c
+++ b/tests/resume-dtls.c
@@ -122,7 +122,7 @@ client (struct params_res *params)
 
       /* Initialize TLS session
        */
-      gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
+      gnutls_init (&session, 
GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NO_EXTENSIONS);
 
       /* Use default priorities */
       gnutls_priority_set_direct (session, 
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
diff --git a/tests/resume.c b/tests/resume.c
index 6b63332..b6b47d7 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -113,7 +113,7 @@ client (struct params_res *params)
 
       /* Initialize TLS session
        */
-      gnutls_init (&session, GNUTLS_CLIENT);
+      gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);
 
       /* Use default priorities */
       gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);


hooks/post-receive
-- 
GNU gnutls


