
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-90-g5bd1e


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-90-g5bd1eb7
Date: Wed, 09 Feb 2011 22:48:10 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5bd1eb74b78a906b9eda81be94c15d8d91185586

The branch, gnutls_2_12_x has been updated
       via  5bd1eb74b78a906b9eda81be94c15d8d91185586 (commit)
       via  5f1aea41982a54eb9e83815d35964fce0d22cd63 (commit)
      from  dd179dbd188da5ee0ecb1d5ba9d1a97a067ce4b8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5bd1eb74b78a906b9eda81be94c15d8d91185586
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Feb 9 23:48:03 2011 +0100

    updated openssl layer to new priority functions (untested).

commit 5f1aea41982a54eb9e83815d35964fce0d22cd63
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Feb 9 23:36:37 2011 +0100

    removed unused variable.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_sig.c                   |    1 -
 libextra/gnutls_openssl.c          |  211 ++++--------------------------------
 libextra/includes/gnutls/openssl.h |    6 +-
 3 files changed, 22 insertions(+), 196 deletions(-)

diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 3087f0f..58ecedc 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -127,7 +127,6 @@ get_hash_algo(gnutls_session_t session, gnutls_cert* cert,
   gnutls_digest_algorithm_t *hash_algo)
 {
 int ret;
-gnutls_protocol_t ver = gnutls_protocol_get_version (session);
 
   if (cert->subject_pk_algorithm == GNUTLS_PK_DSA)
     { /* override */
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index 74feafb..5eadc94 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -231,14 +231,8 @@ SSL_new (SSL_CTX * ctx)
 
   gnutls_init (&ssl->gnutls_state, ctx->method->connend);
 
-  gnutls_protocol_set_priority (ssl->gnutls_state,
-                                ctx->method->protocol_priority);
-  gnutls_cipher_set_priority (ssl->gnutls_state,
-                              ctx->method->cipher_priority);
-  gnutls_compression_set_priority (ssl->gnutls_state,
-                                   ctx->method->comp_priority);
-  gnutls_kx_set_priority (ssl->gnutls_state, ctx->method->kx_priority);
-  gnutls_mac_set_priority (ssl->gnutls_state, ctx->method->mac_priority);
+  gnutls_priority_set_direct (ssl->gnutls_state,
+                                ctx->method->priority_string, NULL);
 
   gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
                           ssl->gnutls_cred);
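Review bot: The return value of gnutls_priority_set_direct() on the two added lines is discarded, so a method whose priority_string the parser rejects leaves ssl->gnutls_state with whatever priorities gnutls_init() presumably installed, and the caller is never told. SSL_connect() in this same commit checks that call and records the error in last_error, and SSL_new should be consistent with it, e.g. `err = gnutls_priority_set_direct (ssl->gnutls_state, ctx->method->priority_string, NULL);` followed by `if (err < 0) { last_error = err; /* free ssl as the other failure paths do */ return NULL; }`. The allocation-failure cleanup that the error path should reuse is outside this hunk; SSL_new starts before the hunk and continues past it.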
@@ -359,25 +353,19 @@ SSL_connect (SSL * ssl)
   X509_STORE_CTX *store;
   int cert_list_size = 0;
   int err;
-  int i, j;
-  int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
+  char x_priority[256];
   /* take options into account before connecting */
 
   memset (x_priority, 0, sizeof (x_priority));
   if (ssl->options & SSL_OP_NO_TLSv1)
     {
-      for (i = 0, j = 0;
-           i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
+      snprintf(x_priority, sizeof(x_priority), "%s:-VERS-TLS1.0", 
ssl->ctx->method->priority_string);
+      err = gnutls_priority_set_direct(ssl->gnutls_state, x_priority, NULL);
+      if (err < 0)
         {
-          if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
-            j++;
-          else
-            x_priority[i] = ssl->ctx->method->protocol_priority[j];
+          last_error = err;
+          return 0;
         }
-      if (i < GNUTLS_MAX_ALGORITHM_NUM)
-        x_priority[i] = 0;
-      gnutls_protocol_set_priority (ssl->gnutls_state,
-                                    ssl->ctx->method->protocol_priority);
     }
 
   err = gnutls_handshake (ssl->gnutls_state);
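Review bot: The added snprintf writes priority_string plus ":-VERS-TLS1.0" into x_priority, but both buffers are 256 bytes (priority_string is declared so in openssl.h in this commit), so once a method string comes within 13 bytes of full the suffix is silently truncated and SSL_OP_NO_TLSv1 is no longer honoured while the handshake may still proceed. With the literals this commit installs it cannot trigger, but the field is a writable array, so the length should be checked: `err = snprintf (x_priority, sizeof (x_priority), "%s:-VERS-TLS1.0", ssl->ctx->method->priority_string);` then `if (err < 0 || (size_t) err >= sizeof (x_priority)) { last_error = GNUTLS_E_SHORT_MEMORY_BUFFER; return 0; }`. The memset above it is now redundant, since snprintf always terminates the buffer. The same applies to the SSL_accept hunk below; both functions start before and end after their hunks.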
@@ -414,25 +402,19 @@ SSL_accept (SSL * ssl)
   X509_STORE_CTX *store;
   int cert_list_size = 0;
   int err;
-  int i, j;
-  int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
-  /* take options into account before accepting */
+  char x_priority[256];
+  /* take options into account before connecting */
 
   memset (x_priority, 0, sizeof (x_priority));
   if (ssl->options & SSL_OP_NO_TLSv1)
     {
-      for (i = 0, j = 0;
-           i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
+      snprintf(x_priority, sizeof(x_priority), "%s:-VERS-TLS1.0", 
ssl->ctx->method->priority_string);
+      err = gnutls_priority_set_direct(ssl->gnutls_state, x_priority, NULL);
+      if (err < 0)
         {
-          if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
-            j++;
-          else
-            x_priority[i] = ssl->ctx->method->protocol_priority[j];
+          last_error = err;
+          return 0;
         }
-      if (i < GNUTLS_MAX_ALGORITHM_NUM)
-        x_priority[i] = 0;
-      gnutls_protocol_set_priority (ssl->gnutls_state,
-                                    ssl->ctx->method->protocol_priority);
     }
 
   /* FIXME: dh params, do we want client cert? */
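Review bot: The added comment in SSL_accept now reads `/* take options into account before connecting */`, replacing the previous "before accepting"; it looks copied from SSL_connect and should read `/* take options into account before accepting */`. The snprintf truncation check raised on the SSL_connect hunk applies to this hunk unchanged. SSL_accept starts before the hunk and continues past it.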
@@ -534,35 +516,7 @@ SSLv23_client_method (void)
   if (!m)
     return NULL;
 
-  m->protocol_priority[0] = GNUTLS_TLS1;
-  m->protocol_priority[1] = GNUTLS_SSL3;
-  m->protocol_priority[2] = 0;
-
-  m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
-  m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
-  m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
-#ifdef ENABLE_CAMELLIA
-  m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
-  m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
-  m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[6] = 0;
-#else
-  m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[4] = 0;
-#endif
-
-  m->comp_priority[0] = GNUTLS_COMP_ZLIB;
-  m->comp_priority[1] = GNUTLS_COMP_NULL;
-  m->comp_priority[2] = 0;
-
-  m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
-  m->kx_priority[1] = GNUTLS_KX_RSA;
-  m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
-  m->kx_priority[3] = 0;
-
-  m->mac_priority[0] = GNUTLS_MAC_SHA1;
-  m->mac_priority[1] = GNUTLS_MAC_MD5;
-  m->mac_priority[2] = 0;
+  strcpy(m->priority_string, 
"NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
 
   m->connend = GNUTLS_CLIENT;
 
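Review bot: The new priority string lists +RSA before +DHE-RSA and +DHE-DSS, whereas the removed kx_priority array put GNUTLS_KX_DHE_RSA first; if gnutls_priority_set_direct honours listing order the way the old array did, this inverts the preference so that static RSA key exchange, which has no forward secrecy, wins over the ephemeral DH suites whenever both peers offer them. Keep the old preference with `"NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+DHE-RSA:+DHE-DSS:+RSA:+MAC-ALL"`. +CIPHER-ALL and +MAC-ALL also widen the enabled set beyond the explicit AES/3DES/Camellia/ARCFOUR and SHA1/MD5 lists that were removed, and a one-line comment stating that the widening is intentional would save the next reader from guessing. The same ordering appears in SSLv23_server_method, SSLv3_client_method, SSLv3_server_method, TLSv1_client_method and TLSv1_server_method below.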
@@ -577,36 +531,7 @@ SSLv23_server_method (void)
   if (!m)
     return NULL;
 
-  m->protocol_priority[0] = GNUTLS_TLS1;
-  m->protocol_priority[1] = GNUTLS_SSL3;
-  m->protocol_priority[2] = 0;
-
-  m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
-  m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
-  m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
-#ifdef ENABLE_CAMELLIA
-  m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
-  m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
-  m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[6] = 0;
-#else
-  m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[4] = 0;
-#endif
-
-  m->comp_priority[0] = GNUTLS_COMP_ZLIB;
-  m->comp_priority[1] = GNUTLS_COMP_NULL;
-  m->comp_priority[2] = 0;
-
-  m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
-  m->kx_priority[1] = GNUTLS_KX_RSA;
-  m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
-  m->kx_priority[3] = 0;
-
-  m->mac_priority[0] = GNUTLS_MAC_SHA1;
-  m->mac_priority[1] = GNUTLS_MAC_MD5;
-  m->mac_priority[2] = 0;
-
+  strcpy(m->priority_string, 
"NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
   m->connend = GNUTLS_SERVER;
 
   return m;
@@ -620,26 +545,7 @@ SSLv3_client_method (void)
   if (!m)
     return NULL;
 
-  m->protocol_priority[0] = GNUTLS_SSL3;
-  m->protocol_priority[2] = 0;
-
-  m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
-  m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[3] = 0;
-
-  m->comp_priority[0] = GNUTLS_COMP_ZLIB;
-  m->comp_priority[1] = GNUTLS_COMP_NULL;
-  m->comp_priority[2] = 0;
-
-  m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
-  m->kx_priority[1] = GNUTLS_KX_RSA;
-  m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
-  m->kx_priority[3] = 0;
-
-  m->mac_priority[0] = GNUTLS_MAC_SHA1;
-  m->mac_priority[1] = GNUTLS_MAC_MD5;
-  m->mac_priority[2] = 0;
-
+  strcpy(m->priority_string, 
"NONE:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
   m->connend = GNUTLS_CLIENT;
 
   return m;
@@ -653,26 +559,7 @@ SSLv3_server_method (void)
   if (!m)
     return NULL;
 
-  m->protocol_priority[0] = GNUTLS_SSL3;
-  m->protocol_priority[2] = 0;
-
-  m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
-  m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[3] = 0;
-
-  m->comp_priority[0] = GNUTLS_COMP_ZLIB;
-  m->comp_priority[1] = GNUTLS_COMP_NULL;
-  m->comp_priority[2] = 0;
-
-  m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
-  m->kx_priority[1] = GNUTLS_KX_RSA;
-  m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
-  m->kx_priority[3] = 0;
-
-  m->mac_priority[0] = GNUTLS_MAC_SHA1;
-  m->mac_priority[1] = GNUTLS_MAC_MD5;
-  m->mac_priority[2] = 0;
-
+  strcpy(m->priority_string, 
"NONE:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
   m->connend = GNUTLS_SERVER;
 
   return m;
@@ -686,35 +573,7 @@ TLSv1_client_method (void)
   if (!m)
     return NULL;
 
-  m->protocol_priority[0] = GNUTLS_TLS1;
-  m->protocol_priority[1] = 0;
-
-  m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
-  m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
-  m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
-#ifdef ENABLE_CAMELLIA
-  m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
-  m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
-  m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[6] = 0;
-#else
-  m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[4] = 0;
-#endif
-
-  m->comp_priority[0] = GNUTLS_COMP_ZLIB;
-  m->comp_priority[1] = GNUTLS_COMP_NULL;
-  m->comp_priority[2] = 0;
-
-  m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
-  m->kx_priority[1] = GNUTLS_KX_RSA;
-  m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
-  m->kx_priority[3] = 0;
-
-  m->mac_priority[0] = GNUTLS_MAC_SHA1;
-  m->mac_priority[1] = GNUTLS_MAC_MD5;
-  m->mac_priority[2] = 0;
-
+  strcpy(m->priority_string, 
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
   m->connend = GNUTLS_CLIENT;
 
   return m;
@@ -728,35 +587,7 @@ TLSv1_server_method (void)
   if (!m)
     return NULL;
 
-  m->protocol_priority[0] = GNUTLS_TLS1;
-  m->protocol_priority[1] = 0;
-
-  m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
-  m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
-  m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
-#ifdef ENABLE_CAMELLIA
-  m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
-  m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
-  m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[6] = 0;
-#else
-  m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
-  m->cipher_priority[4] = 0;
-#endif
-
-  m->comp_priority[0] = GNUTLS_COMP_ZLIB;
-  m->comp_priority[1] = GNUTLS_COMP_NULL;
-  m->comp_priority[2] = 0;
-
-  m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
-  m->kx_priority[1] = GNUTLS_KX_RSA;
-  m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
-  m->kx_priority[3] = 0;
-
-  m->mac_priority[0] = GNUTLS_MAC_SHA1;
-  m->mac_priority[1] = GNUTLS_MAC_MD5;
-  m->mac_priority[2] = 0;
-
+  strcpy(m->priority_string, 
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
   m->connend = GNUTLS_SERVER;
 
   return m;
diff --git a/libextra/includes/gnutls/openssl.h 
b/libextra/includes/gnutls/openssl.h
index 6397fd4..7ea8b7c 100644
--- a/libextra/includes/gnutls/openssl.h
+++ b/libextra/includes/gnutls/openssl.h
@@ -99,11 +99,7 @@ extern "C"
 
   typedef struct
   {
-    int protocol_priority[GNUTLS_MAX_ALGORITHM_NUM];
-    int cipher_priority[GNUTLS_MAX_ALGORITHM_NUM];
-    int comp_priority[GNUTLS_MAX_ALGORITHM_NUM];
-    int kx_priority[GNUTLS_MAX_ALGORITHM_NUM];
-    int mac_priority[GNUTLS_MAX_ALGORITHM_NUM];
+    char priority_string[256];
     gnutls_connection_end_t connend;
   } SSL_METHOD;
 
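Review bot: `char priority_string[256]` hard-codes the same 256 that SSL_connect and SSL_accept repeat for their local x_priority, and nothing ties the three together. A named constant declared in this header, e.g. `enum { GNUTLS_OPENSSL_PRIORITY_LEN = 256 };` used as `char priority_string[GNUTLS_OPENSSL_PRIORITY_LEN];`, keeps them in step and gives the strcpy calls in the method constructors a visible bound to check against. Since every constructor in this commit fills the field from a string literal, a `const char *priority_string` pointing at the literal would remove the copies altogether, at the cost of a further layout change to the public SSL_METHOD typedef, which this commit already changes.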


hooks/post-receive
-- 
GNU gnutls


