gnutls-commit

[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-122-g8d63e87


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-122-g8d63e87
Date: Mon, 07 Feb 2011 19:14:14 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=8d63e87199485f15adf91c411243f3121f1b07e1

The branch, master has been updated
       via  8d63e87199485f15adf91c411243f3121f1b07e1 (commit)
       via  55b5a945f924dcd7565d9333ae455ee439925d57 (commit)
       via  76de76f57e43f3d1a7e078875dd242304a2f1ed4 (commit)
      from  d065ebcf3b5979e6c2f823189b15c7416c77d3d6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8d63e87199485f15adf91c411243f3121f1b07e1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Feb 7 20:13:59 2011 +0100

    Removed gnutls_psk_netconf_derive_key.

commit 55b5a945f924dcd7565d9333ae455ee439925d57
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Feb 7 20:04:00 2011 +0100

    Removed gnutls_certificate_verify_peers.

commit 76de76f57e43f3d1a7e078875dd242304a2f1ed4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Feb 7 20:02:18 2011 +0100

    Removed gnutls_session_set_finished_function().

-----------------------------------------------------------------------

Summary of changes:
 NEWS                         |    4 +-
 doc/cha-auth.texi            |    7 --
 doc/cha-programs.texi        |   10 +---
 lib/Makefile.am              |    2 +-
 lib/gnutls_cert.c            |   33 ----------
 lib/gnutls_handshake.c       |    3 -
 lib/gnutls_int.h             |    3 -
 lib/gnutls_psk_netconf.c     |  140 ------------------------------------------
 lib/gnutls_state.c           |   33 ----------
 lib/includes/gnutls/compat.h |   22 -------
 10 files changed, 5 insertions(+), 252 deletions(-)
 delete mode 100644 lib/gnutls_psk_netconf.c

diff --git a/NEWS b/NEWS
index 8a65c36..ba01bd7 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,9 @@ it can verify a certificate chain against a list of 
certificates.
 ** API and ABI modifications:
 gnutls_cipher_add_auth: ADDED
 gnutls_cipher_tag: ADDED
+gnutls_psk_netconf_derive_key: REMOVED
+gnutls_certificate_verify_peers: REMOVED
+gnutls_session_set_finished_function: REMOVED
 gnutls_ext_register: REMOVED
 gnutls_certificate_get_x509_crls: REMOVED
 gnutls_certificate_get_x509_cas: REMOVED
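Review bot: the three new REMOVED entries name no replacement, unlike the DEPRECATED entries further down that carry a "(use: ...)" pointer. The lines deleted elsewhere in this push already name two of them: gnutls_certificate_verify_peers2() for gnutls_certificate_verify_peers, and gnutls_session_channel_binding for gnutls_session_set_finished_function. Suggest e.g. "gnutls_certificate_verify_peers: REMOVED (use: gnutls_certificate_verify_peers2)" so the pointer survives once the doc comments are gone.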
@@ -110,7 +113,6 @@ gnutls_x509_crl_sign2: DEPRECATED (use: 
gnutls_x509_crl_privkey_sign)
 gnutls_x509_privkey_sign_data: DEPRECATED (use: gnutls_privkey_sign_data2)
 gnutls_x509_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2)
 gnutls_x509_privkey_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data)
-gnutls_psk_netconf_derive_key: DEPRECATED
 gnutls_session_set_finished_function: DEPRECATED
 gnutls_x509_crt_verify_hash: DEPRECATED (use: gnutls_pubkey_verify_hash)
 gnutls_x509_crt_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data)
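Review bot: "gnutls_session_set_finished_function: DEPRECATED" stays as a context line in this hunk while the hunk above adds the same function as REMOVED, so NEWS now lists it in both states. The neighbouring gnutls_psk_netconf_derive_key entry is deleted here; drop this one the same way.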
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi
index f02fd97..73e8c23 100644
--- a/doc/cha-auth.texi
+++ b/doc/cha-auth.texi
@@ -341,13 +341,6 @@ by sending a hint.  In the server, specify the hint by 
calling
 the hint, for example in the callback function, using
 @ref{gnutls_psk_client_get_hint}.
 
-There is no mechanism to derive a PSK key from a password
-specified by the TLS PSK address@hidden used to provide
address@hidden which follows the algorithm
-specified in @file{draft-ietf-netconf-tls-02.txt}. This method
-is deprecated and might be removed in later versions of GnuTLS.}.
-For password-based authentication check @ref{Authentication using SRP}.
-
 Some helper functions such as:
 
 @itemize
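Review bot: the last deleted line, "For password-based authentication check @ref{Authentication using SRP}.", does not depend on the removed function and is still the right pointer for a reader who arrives here wanting a password-derived PSK. Suggest deleting only the footnote and keeping the statement that there is no mechanism to derive a PSK key from a password, followed by the SRP cross-reference.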
diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index 1a892ac..60b3514 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -792,20 +792,12 @@ Usage : psktool [options]
      -u, --username username
                               specify username.
      -p, --passwd FILE        specify a password file.
-     -n, --netconf-hint HINT
-                              derive key from Netconf password, using 
-                              HINT as the psk_identity_hint.
      -s, --keysize SIZE       specify the key size in bytes.
      -v, --version            prints the program's version number
      -h, --help               shows this help text
 @end verbatim
 
-Normally the file will generate random keys for the indicate username.
-You may also derive PSK keys from passwords, using the algorithm
-specified in @file{draft-ietf-netconf-tls-02.txt}.  The algorithm
-needs a PSK identity hint, which you specify using
address@hidden  To derive a PSK key from a password with an
-empty PSK identity hint, using @code{--netconf-hint ""}.
+Normally the file will generate random keys for the indicated username.
 
 @node Invoking srptool
 @section Invoking srptool
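Review bot: the -n, --netconf-hint option disappears from the documented psktool usage, but the diffstat for this push lists only NEWS, doc/ and lib/ files, so nothing here shows the option handling leaving the tool itself. Confirm psktool no longer accepts the option or calls gnutls_psk_netconf_derive_key, otherwise it will fail to link once lib/gnutls_psk_netconf.c is gone. Minor: in the new sentence, "the file will generate random keys" presumably means the program.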
diff --git a/lib/Makefile.am b/lib/Makefile.am
index f7654b3..e96e6de 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -60,7 +60,7 @@ SRP_COBJECTS = ext_srp.c gnutls_srp.c auth_srp.c 
auth_srp_passwd.c    \
        auth_srp_sb64.c auth_srp_rsa.c
 
 PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c       \
-       auth_dhe_psk.c gnutls_psk_netconf.c
+       auth_dhe_psk.c
 
 SESSION_TICKET_COBJECTS = ext_session_ticket.c
 
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index da80735..47f029c 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -617,39 +617,6 @@ gnutls_certificate_verify_peers2 (gnutls_session_t session,
 }
 
 /**
- * gnutls_certificate_verify_peers:
- * @session: is a gnutls session
- *
- * This function will try to verify the peer's certificate and return
- * its status (trusted, invalid etc.).  However you must also check
- * the peer's name in order to check if the verified certificate
- * belongs to the actual peer.
- *
- * This function uses gnutls_x509_crt_list_verify().
- *
- * Returns: one or more of the #gnutls_certificate_status_t
- * enumerated elements bitwise or'd, or a negative value on error.
- *
- * Deprecated: Use gnutls_certificate_verify_peers2() instead.
- **/
-int
-gnutls_certificate_verify_peers (gnutls_session_t session)
-{
-  unsigned int status;
-  int ret;
-
-  ret = gnutls_certificate_verify_peers2 (session, &status);
-
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  return status;
-}
-
-/**
  * gnutls_certificate_expiration_time_peers:
  * @session: is a gnutls session
  *
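Review bot: the removed wrapper returned either the verification status bits or a negative error code through a single int, whereas gnutls_certificate_verify_peers2() hands them back separately (return value and *status). A caller that ports only the "ret < 0" check and never inspects status will treat a certificate with a non-zero status as accepted. A migration sentence in NEWS or the manual saying both must be checked would help, and the warning in this deleted comment that the peer's name must also be checked should remain in the surviving function's documentation.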
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7c884c7..de899c2 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -712,9 +712,6 @@ _gnutls_send_finished (gnutls_session_t session, int again)
 
       vdata_size = _mbuffer_get_udata_size (bufel);
 
-      if (session->internals.finished_func)
-        session->internals.finished_func (session, data, vdata_size);
-
       ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0);
       if (ret < 0)
         {
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 14e2c0e..b01dc5c 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -709,9 +709,6 @@ typedef struct
   gnutls_sign_func sign_func;
   void *sign_func_userdata;
 
-  /* Callback to extract TLS Finished message. */
-  gnutls_finished_callback_func finished_func;
-
   /* minimum bits to allow for SRP
    * use gnutls_srp_set_prime_bits() to adjust it.
    */
diff --git a/lib/gnutls_psk_netconf.c b/lib/gnutls_psk_netconf.c
deleted file mode 100644
index 1df072b..0000000
--- a/lib/gnutls_psk_netconf.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
- *
- * Author: Simon Josefsson
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Functions to support draft-ietf-netconf-tls-01.txt. */
-
-#include <gnutls_int.h>
-#include <gnutls_hash_int.h>
-#include <gnutls_errors.h>
-
-#ifdef ENABLE_PSK
-
-
-/*-
- * gnutls_psk_netconf_derive_key:
- * @password: zero terminated string containing password.
- * @psk_identity: zero terminated string with PSK identity.
- * @psk_identity_hint: zero terminated string with PSK identity hint.
- * @output_key: output variable, contains newly allocated *data pointer.
- *
- * This function will derive a PSK key from a password, for use with
- * the Netconf protocol.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- *
- * Since: 2.4.0
- * Deprecated in: 2.11.0
- -*/
-int
-gnutls_psk_netconf_derive_key (const char *password,
-                               const char *psk_identity,
-                               const char *psk_identity_hint,
-                               gnutls_datum_t * output_key)
-{
-  const char netconf_key_pad[] = "Key Pad for Netconf";
-  size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
-  size_t hintlen = strlen (psk_identity_hint);
-  digest_hd_st dig;
-  char *inner;
-  size_t innerlen;
-  int rc;
-
-  /*
-   * PSK = SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) +
-   *             psk_identity_hint)
-   *
-   */
-
-  rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
-  if (rc < 0)
-    {
-      gnutls_assert ();
-      return rc;
-    }
-
-  rc = _gnutls_hash (&dig, psk_identity, strlen (psk_identity));
-  if (rc < 0)
-    {
-      gnutls_assert ();
-      _gnutls_hash_deinit (&dig, NULL);
-      return rc;
-    }
-
-  rc = _gnutls_hash (&dig, netconf_key_pad, strlen (netconf_key_pad));
-  if (rc < 0)
-    {
-      gnutls_assert ();
-      _gnutls_hash_deinit (&dig, NULL);
-      return rc;
-    }
-
-  rc = _gnutls_hash (&dig, password, strlen (password));
-  if (rc < 0)
-    {
-      gnutls_assert ();
-      _gnutls_hash_deinit (&dig, NULL);
-      return rc;
-    }
-
-  innerlen = sha1len + hintlen;
-  inner = gnutls_malloc (innerlen);
-  _gnutls_hash_deinit (&dig, inner);
-  if (inner == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  memcpy (inner + sha1len, psk_identity_hint, hintlen);
-
-  rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
-  if (rc < 0)
-    {
-      gnutls_assert ();
-      gnutls_free (inner);
-      return rc;
-    }
-
-  rc = _gnutls_hash (&dig, inner, innerlen);
-  gnutls_free (inner);
-  if (rc < 0)
-    {
-      gnutls_assert ();
-      _gnutls_hash_deinit (&dig, NULL);
-      return rc;
-    }
-
-  output_key->data = gnutls_malloc (sha1len);
-  _gnutls_hash_deinit (&dig, output_key->data);
-  if (output_key->data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  output_key->size = sha1len;
-
-  return 0;
-}
-
-#endif /* ENABLE_PSK */
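Review bot: the commit message "Removed gnutls_psk_netconf_derive_key." gives no reason, and applications that still need the Netconf derivation are likely to copy this function into their own tree, so the rationale deserves a line. As the comment in the deleted body shows, the key is SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) + psk_identity_hint): two hash passes with no iteration count, so the PSK is only as strong as the password against offline guessing. Also note that the file header cites draft-ietf-netconf-tls-01.txt while the manual text removed above cites -02.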
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index d3d34d6..7f463f7 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -1062,39 +1062,6 @@ gnutls_prf (gnutls_session_t session,
   return ret;
 }
 
-/*-
- * gnutls_session_set_finished_function:
- * @session: is a #gnutls_session_t structure.
- * @func: a #gnutls_finished_callback_func callback.
- *
- * Register a callback function for the session that will be called
- * when a TLS Finished message has been generated.  The function is
- * typically used to copy away the TLS finished message for later use
- * as a channel binding or similar purpose.
- *
- * The callback should follow this prototype:
- *
- * void callback (gnutls_session_t @session, const void address@hidden, size_t 
@len);
- *
- * The @finished parameter will contain the binary TLS finished
- * message, and @len will contains its length.  For SSLv3 connections,
- * the @len parameter will be 36 and for TLS connections it will be
- * 12.
- *
- * It is recommended that the function returns quickly in order to not
- * delay the handshake.  Use the function to store a copy of the TLS
- * finished message for later use.
- *
- * Since: 2.6.0
- * Deprecated in: 2.11.0
- -*/
-void
-gnutls_session_set_finished_function (gnutls_session_t session,
-                                      gnutls_finished_callback_func func)
-{
-  session->internals.finished_func = func;
-}
-
 /**
  * gnutls_session_is_resumed:
  * @session: is a #gnutls_session_t structure.
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index 78f1e38..fed5795 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -177,24 +177,6 @@ gnutls_sign_func
 gnutls_sign_callback_get (gnutls_session_t session, void **userdata)
  _GNUTLS_GCC_ATTR_DEPRECATED;
 
-/* We no longer support the finished callback. Use
- * gnutls_session_channel_binding for similar functionality.
- */
-     typedef void (*gnutls_finished_callback_func) (gnutls_session_t session,
-                                                    const void *finished,
-                                                    size_t len);
-     void gnutls_session_set_finished_function (gnutls_session_t session,
-                                                gnutls_finished_callback_func
-                                                func)
-  _GNUTLS_GCC_ATTR_DEPRECATED;
-
-     int gnutls_psk_netconf_derive_key (const char *password,
-                                        const char *psk_identity,
-                                        const char *psk_identity_hint,
-                                        gnutls_datum_t *
-                                        output_key)
-  _GNUTLS_GCC_ATTR_DEPRECATED;
-
 /* This is a very dangerous and error-prone function.
  * Use gnutls_privkey_sign_hash2() instead.
  */
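Review bot: dropping these prototypes from the public compat.h (and the one in the next hunk), together with the definitions removed under lib/, takes three exported functions out of the library, which NEWS records under "API and ABI modifications". None of the 10 files in the diffstat looks like a library version or symbol export list, so confirm that the soname bump is planned for the release that ships this; binaries linked against the old symbols should fail with a clear version mismatch rather than an unresolved symbol at load time.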
@@ -284,8 +266,4 @@ gnutls_sign_callback_get (gnutls_session_t session, void 
**userdata)
                              unsigned int flags)
                              _GNUTLS_GCC_ATTR_DEPRECATED;
 
-  /* this is obsolete (?). */
-  int gnutls_certificate_verify_peers (gnutls_session_t session)
-  _GNUTLS_GCC_ATTR_DEPRECATED;
-
 #endif /* _GNUTLS_COMPAT_H */


hooks/post-receive
-- 
GNU gnutls


