[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-27-g848d592
From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-27-g848d592
Date: Tue, 18 May 2010 19:33:44 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=848d5920044e9f4880d9f9857039d82bf03f0352
The branch, master has been updated
via 848d5920044e9f4880d9f9857039d82bf03f0352 (commit)
via dc5a475674af595c096146a775f128fb65b717e2 (commit)
from 77e4107df9dfdfd6d318db9627626e4ce530b9a6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 848d5920044e9f4880d9f9857039d82bf03f0352
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue May 18 21:26:25 2010 +0200
Because we want to differentiate the behavior of server
and client with regards to safe renegotiation. If a server didn't
have either SAFE_RENEGOTIATION or UNSAFE_RENEGOTIATION set the
safe renegotiation will be the default. This (as well as the
safe_renegotiation_set flag) has to be removed once safe
renegotiation is default in both server and client side.
commit dc5a475674af595c096146a775f128fb65b717e2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue May 18 21:17:07 2010 +0200
Emulate old gnutls behavior regarding safe renegotiation if the priority_*
functions are not called.
-----------------------------------------------------------------------
Summary of changes:
lib/gnutls_int.h | 1 +
lib/gnutls_priority.c | 35 ++++++++++++++++++++++++++++++++---
lib/gnutls_state.c | 5 +++++
3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b1c1261..dba813b 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -467,6 +467,7 @@ struct gnutls_priority_st
int unsafe_renegotiation:1;
int initial_safe_renegotiation:1;
int disable_safe_renegotiation:1;
+ int safe_renegotiation_set:1; /* whether the priority string set any
renegotiation parameters */
int ssl3_record_version;
int additional_verify_flags;
};
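Review bot: `safe_renegotiation_set` is declared as a plain `int` bit-field of width 1, which on implementations where plain `int` bit-fields are signed can hold only 0 and -1, so the `= 1` assignments added in gnutls_priority.c store an implementation-defined value. The only read in this patch is `== 0`, which still behaves as intended, but any later `== 1` comparison would silently fail; `unsigned int safe_renegotiation_set:1;` removes the trap. The neighbouring flags have the same form, so this could be a follow-up covering all of them. The comment would also benefit from saying that the flag exists only to support the server-side default and is meant to be removed along with it.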
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 4b1607d..c914b08 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -448,6 +448,21 @@ gnutls_priority_set (gnutls_session_t session,
gnutls_priority_t priority)
memcpy (&session->internals.priorities, priority,
sizeof (struct gnutls_priority_st));
+ /* Hack. Because we want to differentiate the behavior of server
+ * and client with regards to safe renegotiation. If a server didn't
+ * have either SAFE_RENEGOTIATION or UNSAFE_RENEGOTIATION set the
+ * safe renegotiation will be the default. This (as well as the
+ * safe_renegotiation_set flag) has to be removed once safe
+ * renegotiation is default in both server and client side.
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ if (session->internals.priorities.safe_renegotiation_set == 0)
+ {
+ session->internals.priorities.unsafe_renegotiation = 0;
+ }
+ }
+
/* set the current version to the first in the chain.
* This will be overridden later.
*/
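Review bot: the comment added in gnutls_priority_set documents the server case only and leaves the client outcome implicit: a client whose priority string has no renegotiation keyword keeps the `unsafe_renegotiation` value copied from the priority cache, which gnutls_priority_init in this same patch defaults to 1. Saying so in the comment makes the asymmetry explicit for whoever later removes the hack. The two nested `if` statements can also be collapsed into a single condition joined with `&&`, which drops two levels of braces around a one-line assignment.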
@@ -576,6 +591,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
+
+ /* for now unsafe renegotiation is default on everyone. To be removed
+ * when we make it the default.
+ */
(*priority_cache)->unsafe_renegotiation = 1;
if (priorities == NULL)
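Review bot: `safe_renegotiation_set` is not initialised next to `(*priority_cache)->unsafe_renegotiation = 1;`, yet the check added in gnutls_priority_set relies on it being 0 when no keyword was given. The allocation is not visible in this hunk; unless it zeroes the structure, set the flag to 0 explicitly here. The comment wording is also ambiguous: "To be removed when we make it the default" reads as if unsafe renegotiation were to become the default, while the first sentence says it already is; naming safe renegotiation explicitly would fix that.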
@@ -727,18 +746,28 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
else if (strcasecmp (&broken_list[i][1],
"UNSAFE_RENEGOTIATION") == 0)
- (*priority_cache)->unsafe_renegotiation = 1;
+ {
+ (*priority_cache)->unsafe_renegotiation = 1;
+ (*priority_cache)->safe_renegotiation_set = 1;
+ }
else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
- (*priority_cache)->unsafe_renegotiation = 0;
+ {
+ (*priority_cache)->unsafe_renegotiation = 0;
+ (*priority_cache)->safe_renegotiation_set = 1;
+ }
else if (strcasecmp (&broken_list[i][1],
"INITIAL_SAFE_RENEGOTIATION") == 0)
{
(*priority_cache)->unsafe_renegotiation = 0;
(*priority_cache)->initial_safe_renegotiation = 1;
+ (*priority_cache)->safe_renegotiation_set = 1;
}
else if (strcasecmp (&broken_list[i][1],
"DISABLE_SAFE_RENEGOTIATION") == 0)
- (*priority_cache)->disable_safe_renegotiation = 1;
+ {
+ (*priority_cache)->disable_safe_renegotiation = 1;
+ (*priority_cache)->safe_renegotiation_set = 1;
+ }
else
goto error;
}
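Review bot: the `DISABLE_SAFE_RENEGOTIATION` branch sets `safe_renegotiation_set = 1` without touching `unsafe_renegotiation`, so on a server this keyword suppresses the override in gnutls_priority_set and leaves `unsafe_renegotiation` at the value 1 assigned earlier in gnutls_priority_init. If that is the intended meaning of the keyword, a short comment in this branch would make it clear that it is not an oversight; the other three branches assign `unsafe_renegotiation` explicitly and do not have this ambiguity.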
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 6cc8b68..84e53be 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -350,6 +350,11 @@ gnutls_init (gnutls_session_t * session,
gnutls_connection_end_t con_end)
_gnutls_handshake_internal_state_init (*session);
+ /* emulate old gnutls behavior for old applications that do not use the
priority_*
+ * functions.
+ */
+ (*session)->internals.priorities.unsafe_renegotiation = 1;
+
return 0;
}
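Review bot: the assignment added at the end of gnutls_init sets `unsafe_renegotiation = 1` without looking at `con_end`, so a server session that never goes through gnutls_priority_set keeps unsafe renegotiation enabled, and the server-side safe default introduced in gnutls_priority.c applies only to applications that call the priority functions. The comment says this is deliberate for old applications; it should state that servers are included, and the same point belongs in the user-facing documentation so that server authors know they must call a priority function to get the safe default.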
hooks/post-receive
--
GNU gnutls