[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-95-g80d4a
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-95-g80d4a80 |
Date: |
Thu, 10 Feb 2011 09:35:11 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=80d4a803399eed5124f76f27526f645c626b0727
The branch, gnutls_2_12_x has been updated
via 80d4a803399eed5124f76f27526f645c626b0727 (commit)
via f033f41918fb9ba492aae87c0edd443d88b753ee (commit)
via 7be0177ba7ec053afad03395f76ba0e31f0dce64 (commit)
via f56648482f8605e735a00e27408df8aa6cdf216a (commit)
via c8402c600abe71dcc480faff940f616723516e19 (commit)
from 5bd1eb74b78a906b9eda81be94c15d8d91185586 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 80d4a803399eed5124f76f27526f645c626b0727
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Feb 10 10:34:57 2011 +0100
documented DHE-PSK fix.
commit f033f41918fb9ba492aae87c0edd443d88b753ee
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Feb 10 10:34:47 2011 +0100
deprecated the old priority functions in C++ API.
commit 7be0177ba7ec053afad03395f76ba0e31f0dce64
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Feb 10 10:20:09 2011 +0100
fix in PSK.
commit f56648482f8605e735a00e27408df8aa6cdf216a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Feb 7 16:46:09 2011 +0100
Removed deprecated options such as --protocols, --ciphers, etc.
commit c8402c600abe71dcc480faff940f616723516e19
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Feb 10 09:56:32 2011 +0100
Callback function is being called in both PSK-DHE and PSK.
Using the callback function will not overwrite the credentials,
which were wrongly being overwritten using the retrieved username/key.
The credentials structure is now accessed for reading only, as it
should have been.
(backported)
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 +
lib/auth_dh_common.c | 13 ++-
lib/auth_dh_common.h | 1 +
lib/auth_dhe_psk.c | 35 ++++----
lib/auth_psk.c | 133 +++++++++++++--------------
lib/auth_psk.h | 6 +-
lib/gnutlsxx.cpp | 12 ++--
src/cli-gaa.c | 245 +++++++++++---------------------------------------
src/cli-gaa.h | 58 ++++---------
src/cli.c | 27 ------
src/cli.gaa | 29 +------
src/common.c | 182 -------------------------------------
src/common.h | 7 --
src/serv-gaa.c | 210 +++++++-----------------------------------
src/serv-gaa.h | 26 +-----
src/serv.c | 27 ------
src/serv.gaa | 28 +------
17 files changed, 216 insertions(+), 826 deletions(-)
diff --git a/NEWS b/NEWS
index 56bd526..c021ce2 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
* Version 2.11.7 (unreleased)
+** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored
+the PSK callback.
+
** libgnutls: SRP and PSK are no longer set on the default priorities.
They have to be explicitly set.
diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c
index 61f8a63..5df743e 100644
--- a/lib/auth_dh_common.c
+++ b/lib/auth_dh_common.c
@@ -105,7 +105,7 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
return ret;
}
- ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
+ ret = _gnutls_set_psk_session_key (session, NULL, &tmp_dh_key);
_gnutls_free_datum (&tmp_dh_key);
}
@@ -120,8 +120,13 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
return 0;
}
+int _gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque** data)
+{
+ return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
+}
+
int
-_gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque ** data)
+_gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, opaque ** data,
gnutls_datum_t* pskkey)
{
bigint_t x = NULL, X = NULL;
size_t n_X;
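Review bot: The new `_gnutls_gen_dh_common_client_kx` wrapper carries no comment saying what a NULL `pskkey` means, and since it is defined before `_gnutls_gen_dh_common_client_kx_int` it depends on the prototype added to auth_dh_common.h rather than on anything in this file. A one-line comment above the wrapper, `/* Non-PSK entry point: pskkey is NULL; the _int variant only consults it in its DHE_PSK branch. */`, would make the split self-explanatory. The body of `_gnutls_gen_dh_common_client_kx_int` continues outside the hunk.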
@@ -179,6 +184,7 @@ _gnutls_gen_dh_common_client_kx (gnutls_session_t session,
opaque ** data)
else /* In DHE_PSK the key is set differently */
{
gnutls_datum_t tmp_dh_key;
+
ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
if (ret < 0)
{
@@ -186,9 +192,8 @@ _gnutls_gen_dh_common_client_kx (gnutls_session_t session,
opaque ** data)
goto error;
}
- ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
+ ret = _gnutls_set_psk_session_key (session, pskkey, &tmp_dh_key);
_gnutls_free_datum (&tmp_dh_key);
-
}
_gnutls_mpi_release (&session->key->KEY);
diff --git a/lib/auth_dh_common.h b/lib/auth_dh_common.h
index 7a8be7c..b934fd3 100644
--- a/lib/auth_dh_common.h
+++ b/lib/auth_dh_common.h
@@ -36,6 +36,7 @@ typedef struct
} dh_info_st;
void _gnutls_free_dh_info (dh_info_st * dh);
+int _gnutls_gen_dh_common_client_kx_int (gnutls_session_t, opaque **,
gnutls_datum_t* pskkey);
int _gnutls_gen_dh_common_client_kx (gnutls_session_t, opaque **);
int _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
opaque * data, size_t _data_size,
diff --git a/lib/auth_dhe_psk.c b/lib/auth_dhe_psk.c
index 85e1452..a338117 100644
--- a/lib/auth_dhe_psk.c
+++ b/lib/auth_dhe_psk.c
@@ -65,52 +65,53 @@ const mod_auth_st dhe_psk_auth_struct = {
static int
gen_psk_client_kx (gnutls_session_t session, opaque ** data)
{
- int ret;
+ int ret, free;
opaque *tmp_data = NULL;
int data_size, tmp_data_size;
gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
cred = (gnutls_psk_client_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
- if (cred->username.data == NULL || cred->key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+
+ ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
/* The PSK key is set in there */
- ret = _gnutls_gen_dh_common_client_kx (session, &tmp_data);
+ ret = _gnutls_gen_dh_common_client_kx_int (session, &tmp_data, &key);
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto cleanup;
}
tmp_data_size = ret;
- data_size = tmp_data_size + cred->username.size + 2;
+ data_size = tmp_data_size + username.size + 2;
(*data) = gnutls_malloc (data_size);
if ((*data) == NULL)
{
gnutls_assert ();
ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
+ goto cleanup;
}
- _gnutls_write_datum16 (*data, cred->username);
- memcpy (&(*data)[cred->username.size + 2], tmp_data, tmp_data_size);
+ _gnutls_write_datum16 (*data, username);
+ memcpy (&(*data)[username.size + 2], tmp_data, tmp_data_size);
ret = data_size;
-error:
+cleanup:
gnutls_free (tmp_data);
+ if (free)
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&key);
+
return ret;
}
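Review bot: In the cleanup block `_gnutls_free_datum(&key)` is not governed by `if (free)` — there are no braces, so only the `_gnutls_free_datum(&username)` line is conditional — yet `key` is a shallow copy of `cred->key` whenever `_gnutls_find_psk_key` took the static credentials (`free == 0`). Every successful DHE-PSK client key exchange therefore frees the credential's own key buffer and leaves `cred->key.data` dangling for the next handshake on the same credentials. `_gnutls_gen_psk_client_kx` in auth_psk.c braces both frees under the flag; this function should do the same: `if (free) { _gnutls_free_datum(&username); _gnutls_free_datum(&key); }`. Naming the flag `free` also shadows the libc function; `need_free` would read better.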
diff --git a/lib/auth_psk.c b/lib/auth_psk.c
index 43f400a..414e3b1 100644
--- a/lib/auth_psk.c
+++ b/lib/auth_psk.c
@@ -65,30 +65,14 @@ const mod_auth_st psk_auth_struct = {
*/
int
_gnutls_set_psk_session_key (gnutls_session_t session,
- gnutls_datum_t * dh_secret)
+ gnutls_datum_t * ppsk /* key */,
+ gnutls_datum_t * dh_secret)
{
gnutls_datum_t pwd_psk = { NULL, 0 };
- gnutls_datum_t *ppsk;
size_t dh_secret_size;
int ret;
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- gnutls_psk_client_credentials_t cred;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ppsk = &cred->key;
-
- }
- else
+ if (session->security_parameters.entity == GNUTLS_SERVER)
{ /* SERVER side */
psk_auth_info_t info;
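Review bot: On the client side `ppsk` is now whatever the caller passed and nothing in the visible part of the function rejects NULL, whereas the removed code always resolved it from the credentials; the new `_gnutls_gen_dh_common_client_kx` wrapper in auth_dh_common.c forwards NULL, so a client path reaching its DHE_PSK branch through that wrapper would hand a NULL key pointer to the derivation below. A guard after the server block, `if (ppsk == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);`, turns that into an error instead of a crash — assuming the remainder dereferences `ppsk`, which is outside the hunk. The function body continues past the hunk.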
@@ -142,6 +126,41 @@ error:
return ret;
}
+/* returns the username and they key for the PSK session.
+ * Free is non zero if they have to be freed.
+ */
+int _gnutls_find_psk_key( gnutls_session_t session,
gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum* key, int* free)
+{
+char* user_p;
+int ret;
+
+ *free = 0;
+
+ if (cred->username.data != NULL && cred->key.data != NULL)
+ {
+ username->data = cred->username.data;
+ username->size = cred->username.size;
+ key->data = cred->key.data;
+ key->size = cred->key.size;
+ }
+ else if (cred->get_function != NULL)
+ {
+ ret = cred->get_function (session, &user_p, key);
+ if (ret)
+ return gnutls_assert_val(ret);
+
+ username->data = user_p;
+ username->size = strlen(user_p);
+
+ *free = 1;
+ }
+ else
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ return 0;
+}
+
/* Generates the PSK client key exchange
*
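Review bot: The callback branch of `_gnutls_find_psk_key` trusts the application's `get_function` to fill in both outputs: a callback that returns 0 but leaves `user_p` NULL makes `strlen(user_p)` dereference NULL, and an empty `key` is passed on silently. A guard after the call, `if (user_p == NULL || key->data == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);` (releasing whichever output was set first), keeps a misbehaving callback from crashing the handshake. The header comment reads "they key" and does not say that, when `*free` is set, both buffers were allocated by the callback and are the caller's to release with `gnutls_free`; the `key` parameter is also declared `gnutls_datum*` where the surrounding API uses `gnutls_datum_t *`.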
@@ -156,7 +175,9 @@ error:
int
_gnutls_gen_psk_client_kx (gnutls_session_t session, opaque ** data)
{
- int ret;
+ int ret, free;
+ gnutls_datum_t username;
+ gnutls_datum_t key;
gnutls_psk_client_credentials_t cred;
cred = (gnutls_psk_client_credentials_t)
@@ -168,59 +189,35 @@ _gnutls_gen_psk_client_kx (gnutls_session_t session,
opaque ** data)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- if (cred->username.data == NULL && cred->key.data == NULL &&
- cred->get_function != NULL)
- {
- char *username;
- gnutls_datum_t key;
-
- ret = cred->get_function (session, &username, &key);
- if (ret)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_set_datum (&cred->username, username, strlen (username));
- gnutls_free (username);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&key);
- return ret;
- }
-
- ret = _gnutls_set_datum (&cred->key, key.data, key.size);
- _gnutls_free_datum (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else if (cred->username.data == NULL || cred->key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_set_psk_session_key (session, NULL);
+ ret = _gnutls_set_psk_session_key (session, &key, NULL);
if (ret < 0)
{
- gnutls_assert ();
- return ret;
+ gnutls_assert();
+ goto cleanup;
}
-
- (*data) = gnutls_malloc (2 + cred->username.size);
+
+ (*data) = gnutls_malloc (2 + username.size);
if ((*data) == NULL)
{
gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
- _gnutls_write_datum16 (*data, cred->username);
+ _gnutls_write_datum16 (*data, username);
- return (cred->username.size + 2);
+cleanup:
+ if (free)
+ {
+ gnutls_free(username.data);
+ gnutls_free(key.data);
+ }
+
+ return (username.size + 2);
}
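Review bot: The error paths that `goto cleanup` are lost: after the label the function returns `username.size + 2` unconditionally, so a failure in `_gnutls_set_psk_session_key` or the `gnutls_malloc` failure returns a positive length with `*data` NULL or the session key unset, and the negative code stored in `ret` never reaches the caller. Store the success value in `ret` and return it: `ret = username.size + 2;` after the `_gnutls_write_datum16` call and `return ret;` at the end of cleanup. `gen_psk_client_kx` in auth_dhe_psk.c already follows that pattern.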
@@ -274,7 +271,7 @@ _gnutls_proc_psk_client_kx (gnutls_session_t session,
opaque * data,
memcpy (info->username, username.data, username.size);
info->username[username.size] = 0;
- ret = _gnutls_set_psk_session_key (session, NULL);
+ ret = _gnutls_set_psk_session_key (session, NULL, NULL);
if (ret < 0)
{
gnutls_assert ();
@@ -346,10 +343,10 @@ _gnutls_proc_psk_server_kx (gnutls_session_t session,
opaque * data,
ssize_t data_size = _data_size;
int ret;
gnutls_datum_t hint;
- gnutls_psk_server_credentials_t cred;
+ gnutls_psk_client_credentials_t cred;
psk_auth_info_t info;
- cred = (gnutls_psk_server_credentials_t)
+ cred = (gnutls_psk_client_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
@@ -386,7 +383,7 @@ _gnutls_proc_psk_server_kx (gnutls_session_t session,
opaque * data,
memcpy (info->hint, hint.data, hint.size);
info->hint[hint.size] = 0;
- ret = _gnutls_set_psk_session_key (session, NULL);
+ ret = _gnutls_set_psk_session_key (session, &cred->key, NULL);
if (ret < 0)
{
gnutls_assert ();
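Review bot: The hint-processing path still reads `cred->key` directly instead of going through the new `_gnutls_find_psk_key`, so for credentials configured with a callback — where `cred->key.data` is NULL, the case the helper's first branch excludes — an empty datum is handed to `_gnutls_set_psk_session_key`. The ServerKeyExchange hint is processed before `_gnutls_gen_psk_client_kx` runs, and that function sets the session key via the callback anyway, so either drop the key setting here or resolve the key with `_gnutls_find_psk_key` and free the result; otherwise callback-based PSK clients behave differently depending on whether the server sends a hint. Whether `_gnutls_set_psk_session_key` rejects a NULL-data datum is outside the hunk.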
@@ -399,4 +396,4 @@ error:
return ret;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_PSK */
diff --git a/lib/auth_psk.h b/lib/auth_psk.h
index c79da6b..40e88f1 100644
--- a/lib/auth_psk.h
+++ b/lib/auth_psk.h
@@ -68,7 +68,11 @@ typedef struct psk_auth_info_st
typedef struct psk_auth_info_st psk_auth_info_st;
int
-_gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t * psk2);
+_gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t* key,
gnutls_datum_t * psk2);
+
+int _gnutls_find_psk_key( gnutls_session_t session,
gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum* key, int* free);
+
#else
#define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR
#endif /* ENABLE_PSK */
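Review bot: The `#else` fallback `#define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR` still takes two arguments while the real function now takes three, so a build with PSK disabled fails at the three-argument calls in auth_dh_common.c unless those calls are themselves under `ENABLE_PSK`. Update it to `#define _gnutls_set_psk_session_key(x,y,z) GNUTLS_E_INTERNAL_ERROR`, and add a matching stub for `_gnutls_find_psk_key` if any caller outside `ENABLE_PSK` uses it. The new prototype also declares `key` as `gnutls_datum*` while the neighbouring declarations use `gnutls_datum_t *`.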
diff --git a/lib/gnutlsxx.cpp b/lib/gnutlsxx.cpp
index 400d87b..1243c40 100644
--- a/lib/gnutlsxx.cpp
+++ b/lib/gnutlsxx.cpp
@@ -163,32 +163,32 @@ namespace gnutls
void session::set_cipher_priority (const int *list)
{
- RETWRAP (gnutls_cipher_set_priority (s, list));
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
void session::set_mac_priority (const int *list)
{
- RETWRAP (gnutls_mac_set_priority (s, list));
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
void session::set_compression_priority (const int *list)
{
- RETWRAP (gnutls_compression_set_priority (s, list));
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
void session::set_kx_priority (const int *list)
{
- RETWRAP (gnutls_kx_set_priority (s, list));
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
void session::set_protocol_priority (const int *list)
{
- RETWRAP (gnutls_protocol_set_priority (s, list));
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
void session::set_certificate_type_priority (const int *list)
{
- RETWRAP (gnutls_certificate_type_set_priority (s, list));
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
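Review bot: These six setters now fail at run time with GNUTLS_E_UNIMPLEMENTED_FEATURE while nothing in the hunk marks them deprecated, so existing C++ callers compile cleanly and break only when the session is configured; annotate the declarations with `__attribute__((deprecated))` or at least a `/** @deprecated use session::set_priority() instead */` comment so the change surfaces at build time. The `list` parameter is now unused in each body and will draw -Wunused-parameter; `(void) list;` silences it. Whether RETWRAP throws on a negative code is outside the hunk.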
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index 1d633ca..76042d6 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -139,12 +139,6 @@ void gaa_help(void)
__gaa_helpsingle(0, "print-cert", "", "Print the certificate in PEM
format.");
__gaa_helpsingle(0, "recordsize", "integer ", "The maximum record size
to advertize.");
__gaa_helpsingle('V', "verbose", "", "More verbose output.");
- __gaa_helpsingle(0, "ciphers", "cipher1 cipher2... ", "Ciphers to
enable.");
- __gaa_helpsingle(0, "protocols", "protocol1 protocol2... ", "Protocols
to enable.");
- __gaa_helpsingle(0, "comp", "comp1 comp2... ", "Compression methods to
enable.");
- __gaa_helpsingle(0, "macs", "mac1 mac2... ", "MACs to enable.");
- __gaa_helpsingle(0, "kx", "kx1 kx2... ", "Key exchange methods to
enable.");
- __gaa_helpsingle(0, "ctypes", "certType1 certType2... ", "Certificate
types to enable.");
__gaa_helpsingle(0, "priority", "PRIORITY STRING ", "Priorities
string.");
__gaa_helpsingle(0, "x509cafile", "FILE ", "Certificate file or PKCS
#11 URL to use.");
__gaa_helpsingle(0, "x509crlfile", "FILE ", "CRL file to use.");
@@ -178,64 +172,40 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 127 "cli.gaa"
+#line 103 "cli.gaa"
char *rest_args;
-#line 119 "cli.gaa"
+#line 95 "cli.gaa"
int insecure;
-#line 116 "cli.gaa"
+#line 92 "cli.gaa"
char *port;
-#line 113 "cli.gaa"
+#line 89 "cli.gaa"
char *opaque_prf_input;
-#line 110 "cli.gaa"
+#line 86 "cli.gaa"
char *psk_key;
-#line 107 "cli.gaa"
+#line 83 "cli.gaa"
char *psk_username;
-#line 104 "cli.gaa"
+#line 80 "cli.gaa"
char *srp_passwd;
-#line 101 "cli.gaa"
+#line 77 "cli.gaa"
char *srp_username;
-#line 98 "cli.gaa"
+#line 74 "cli.gaa"
char *x509_certfile;
-#line 95 "cli.gaa"
+#line 71 "cli.gaa"
char *x509_keyfile;
-#line 92 "cli.gaa"
+#line 68 "cli.gaa"
char *pgp_subkey;
-#line 89 "cli.gaa"
+#line 65 "cli.gaa"
char *pgp_certfile;
-#line 86 "cli.gaa"
+#line 62 "cli.gaa"
char *pgp_keyring;
-#line 83 "cli.gaa"
+#line 59 "cli.gaa"
char *pgp_keyfile;
-#line 80 "cli.gaa"
+#line 56 "cli.gaa"
char *x509_crlfile;
-#line 77 "cli.gaa"
+#line 53 "cli.gaa"
char *x509_cafile;
-#line 74 "cli.gaa"
- char *priorities;
-#line 71 "cli.gaa"
- char **ctype;
-#line 70 "cli.gaa"
- int nctype;
-#line 67 "cli.gaa"
- char **kx;
-#line 66 "cli.gaa"
- int nkx;
-#line 63 "cli.gaa"
- char **macs;
-#line 62 "cli.gaa"
- int nmacs;
-#line 59 "cli.gaa"
- char **comp;
-#line 58 "cli.gaa"
- int ncomp;
-#line 55 "cli.gaa"
- char **proto;
-#line 54 "cli.gaa"
- int nproto;
-#line 51 "cli.gaa"
- char **ciphers;
#line 50 "cli.gaa"
- int nciphers;
+ char *priorities;
#line 47 "cli.gaa"
int verbose;
#line 44 "cli.gaa"
@@ -314,7 +284,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 37
+#define GAA_NB_OPTION 31
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_list 3
@@ -334,24 +304,18 @@ static int gaa_error = 0;
#define GAAOPTID_x509crlfile 17
#define GAAOPTID_x509cafile 18
#define GAAOPTID_priority 19
-#define GAAOPTID_ctypes 20
-#define GAAOPTID_kx 21
-#define GAAOPTID_macs 22
-#define GAAOPTID_comp 23
-#define GAAOPTID_protocols 24
-#define GAAOPTID_ciphers 25
-#define GAAOPTID_verbose 26
-#define GAAOPTID_recordsize 27
-#define GAAOPTID_print_cert 28
-#define GAAOPTID_disable_extensions 29
-#define GAAOPTID_fingerprint 30
-#define GAAOPTID_x509fmtder 31
-#define GAAOPTID_crlf 32
-#define GAAOPTID_starttls 33
-#define GAAOPTID_noticket 34
-#define GAAOPTID_rehandshake 35
-#define GAAOPTID_resume 36
-#define GAAOPTID_debug 37
+#define GAAOPTID_verbose 20
+#define GAAOPTID_recordsize 21
+#define GAAOPTID_print_cert 22
+#define GAAOPTID_disable_extensions 23
+#define GAAOPTID_fingerprint 24
+#define GAAOPTID_x509fmtder 25
+#define GAAOPTID_crlf 26
+#define GAAOPTID_starttls 27
+#define GAAOPTID_noticket 28
+#define GAAOPTID_rehandshake 29
+#define GAAOPTID_resume 30
+#define GAAOPTID_debug 31
#line 168 "gaa.skel"
@@ -628,42 +592,6 @@ struct GAAOPTION_priority
int size1;
};
-struct GAAOPTION_ctypes
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_kx
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_macs
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_comp
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_protocols
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_ciphers
-{
- char** arg1;
- int size1;
-};
-
struct GAAOPTION_recordsize
{
int arg1;
@@ -727,12 +655,6 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_x509crlfile);
GAA_CHECK1STR("", GAAOPTID_x509cafile);
GAA_CHECK1STR("", GAAOPTID_priority);
- GAA_CHECK1STR("", GAAOPTID_ctypes);
- GAA_CHECK1STR("", GAAOPTID_kx);
- GAA_CHECK1STR("", GAAOPTID_macs);
- GAA_CHECK1STR("", GAAOPTID_comp);
- GAA_CHECK1STR("", GAAOPTID_protocols);
- GAA_CHECK1STR("", GAAOPTID_ciphers);
GAA_CHECK1STR("", GAAOPTID_recordsize);
GAA_CHECK1STR("d", GAAOPTID_debug);
case GAA_MULTIPLE_OPTION:
@@ -774,12 +696,6 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("x509crlfile", GAAOPTID_x509crlfile);
GAA_CHECKSTR("x509cafile", GAAOPTID_x509cafile);
GAA_CHECKSTR("priority", GAAOPTID_priority);
- GAA_CHECKSTR("ctypes", GAAOPTID_ctypes);
- GAA_CHECKSTR("kx", GAAOPTID_kx);
- GAA_CHECKSTR("macs", GAAOPTID_macs);
- GAA_CHECKSTR("comp", GAAOPTID_comp);
- GAA_CHECKSTR("protocols", GAAOPTID_protocols);
- GAA_CHECKSTR("ciphers", GAAOPTID_ciphers);
GAA_CHECKSTR("verbose", GAAOPTID_verbose);
GAA_CHECKSTR("recordsize", GAAOPTID_recordsize);
GAA_CHECKSTR("print-cert", GAAOPTID_print_cert);
@@ -819,12 +735,6 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
struct GAAOPTION_x509crlfile GAATMP_x509crlfile;
struct GAAOPTION_x509cafile GAATMP_x509cafile;
struct GAAOPTION_priority GAATMP_priority;
- struct GAAOPTION_ctypes GAATMP_ctypes;
- struct GAAOPTION_kx GAATMP_kx;
- struct GAAOPTION_macs GAATMP_macs;
- struct GAAOPTION_comp GAATMP_comp;
- struct GAAOPTION_protocols GAATMP_protocols;
- struct GAAOPTION_ciphers GAATMP_ciphers;
struct GAAOPTION_recordsize GAATMP_recordsize;
struct GAAOPTION_debug GAATMP_debug;
@@ -849,28 +759,28 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 125 "cli.gaa"
+#line 101 "cli.gaa"
{ cli_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 123 "cli.gaa"
+#line 99 "cli.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 122 "cli.gaa"
+#line 98 "cli.gaa"
{ print_list(gaaval->verbose); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_insecure:
OK = 0;
-#line 120 "cli.gaa"
+#line 96 "cli.gaa"
{ gaaval->insecure = 1 ;};
return GAA_OK;
@@ -880,7 +790,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_port.arg1, gaa_getstr, GAATMP_port.size1);
gaa_index++;
-#line 117 "cli.gaa"
+#line 93 "cli.gaa"
{ gaaval->port = GAATMP_port.arg1 ;};
return GAA_OK;
@@ -890,7 +800,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_opaque_prf_input.arg1, gaa_getstr,
GAATMP_opaque_prf_input.size1);
gaa_index++;
-#line 114 "cli.gaa"
+#line 90 "cli.gaa"
{ gaaval->opaque_prf_input = GAATMP_opaque_prf_input.arg1 ;};
return GAA_OK;
@@ -900,7 +810,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pskkey.arg1, gaa_getstr, GAATMP_pskkey.size1);
gaa_index++;
-#line 111 "cli.gaa"
+#line 87 "cli.gaa"
{ gaaval->psk_key = GAATMP_pskkey.arg1 ;};
return GAA_OK;
@@ -910,7 +820,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pskusername.arg1, gaa_getstr,
GAATMP_pskusername.size1);
gaa_index++;
-#line 108 "cli.gaa"
+#line 84 "cli.gaa"
{ gaaval->psk_username = GAATMP_pskusername.arg1 ;};
return GAA_OK;
@@ -920,7 +830,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr,
GAATMP_srppasswd.size1);
gaa_index++;
-#line 105 "cli.gaa"
+#line 81 "cli.gaa"
{ gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;};
return GAA_OK;
@@ -930,7 +840,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr,
GAATMP_srpusername.size1);
gaa_index++;
-#line 102 "cli.gaa"
+#line 78 "cli.gaa"
{ gaaval->srp_username = GAATMP_srpusername.arg1 ;};
return GAA_OK;
@@ -940,7 +850,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr,
GAATMP_x509certfile.size1);
gaa_index++;
-#line 99 "cli.gaa"
+#line 75 "cli.gaa"
{ gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;};
return GAA_OK;
@@ -950,7 +860,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr,
GAATMP_x509keyfile.size1);
gaa_index++;
-#line 96 "cli.gaa"
+#line 72 "cli.gaa"
{ gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;};
return GAA_OK;
@@ -960,7 +870,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpsubkey.arg1, gaa_getstr,
GAATMP_pgpsubkey.size1);
gaa_index++;
-#line 93 "cli.gaa"
+#line 69 "cli.gaa"
{ gaaval->pgp_subkey = GAATMP_pgpsubkey.arg1 ;};
return GAA_OK;
@@ -970,7 +880,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr,
GAATMP_pgpcertfile.size1);
gaa_index++;
-#line 90 "cli.gaa"
+#line 66 "cli.gaa"
{ gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;};
return GAA_OK;
@@ -980,7 +890,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr,
GAATMP_pgpkeyring.size1);
gaa_index++;
-#line 87 "cli.gaa"
+#line 63 "cli.gaa"
{ gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;};
return GAA_OK;
@@ -990,7 +900,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr,
GAATMP_pgpkeyfile.size1);
gaa_index++;
-#line 84 "cli.gaa"
+#line 60 "cli.gaa"
{ gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;};
return GAA_OK;
@@ -1000,7 +910,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr,
GAATMP_x509crlfile.size1);
gaa_index++;
-#line 81 "cli.gaa"
+#line 57 "cli.gaa"
{ gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;};
return GAA_OK;
@@ -1010,7 +920,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr,
GAATMP_x509cafile.size1);
gaa_index++;
-#line 78 "cli.gaa"
+#line 54 "cli.gaa"
{ gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;};
return GAA_OK;
@@ -1020,59 +930,11 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_priority.arg1, gaa_getstr,
GAATMP_priority.size1);
gaa_index++;
-#line 75 "cli.gaa"
+#line 51 "cli.gaa"
{ gaaval->priorities = GAATMP_priority.arg1 ;};
return GAA_OK;
break;
- case GAAOPTID_ctypes:
- OK = 0;
- GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*,
GAATMP_ctypes.size1);
-#line 72 "cli.gaa"
-{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_kx:
- OK = 0;
- GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*,
GAATMP_kx.size1);
-#line 68 "cli.gaa"
-{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_macs:
- OK = 0;
- GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*,
GAATMP_macs.size1);
-#line 64 "cli.gaa"
-{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_comp:
- OK = 0;
- GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*,
GAATMP_comp.size1);
-#line 60 "cli.gaa"
-{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_protocols:
- OK = 0;
- GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*,
GAATMP_protocols.size1);
-#line 56 "cli.gaa"
-{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto =
GAATMP_protocols.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_ciphers:
- OK = 0;
- GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*,
GAATMP_ciphers.size1);
-#line 52 "cli.gaa"
-{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers =
GAATMP_ciphers.size1 ;};
-
- return GAA_OK;
- break;
case GAAOPTID_verbose:
OK = 0;
#line 48 "cli.gaa"
@@ -1167,7 +1029,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1);
gaa_index++;
-#line 128 "cli.gaa"
+#line 104 "cli.gaa"
{ gaaval->rest_args = GAAREST_tmp.arg1; ;};
return GAA_OK;
@@ -1196,10 +1058,9 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 130 "cli.gaa"
-{ gaaval->resume=0; gaaval->noticket=0; gaaval->port="443";
gaaval->rest_args=NULL; gaaval->ciphers=NULL;
- gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL;
gaaval->ctype=NULL; gaaval->nciphers=0;
- gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0;
gaaval->record_size=0;
+#line 106 "cli.gaa"
+{ gaaval->resume=0; gaaval->noticket=0; gaaval->port="443";
gaaval->rest_args=NULL;
+ gaaval->record_size=0;
gaaval->fingerprint=0; gaaval->pgp_keyring=NULL; gaaval->x509_crlfile =
NULL;
gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL;
gaaval->pgp_certfile=NULL; gaaval->disable_extensions = 0;
gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf =
0;
diff --git a/src/cli-gaa.h b/src/cli-gaa.h
index 2627d4a..59117f3 100644
--- a/src/cli-gaa.h
+++ b/src/cli-gaa.h
@@ -8,64 +8,40 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 127 "cli.gaa"
+#line 103 "cli.gaa"
char *rest_args;
-#line 119 "cli.gaa"
+#line 95 "cli.gaa"
int insecure;
-#line 116 "cli.gaa"
+#line 92 "cli.gaa"
char *port;
-#line 113 "cli.gaa"
+#line 89 "cli.gaa"
char *opaque_prf_input;
-#line 110 "cli.gaa"
+#line 86 "cli.gaa"
char *psk_key;
-#line 107 "cli.gaa"
+#line 83 "cli.gaa"
char *psk_username;
-#line 104 "cli.gaa"
+#line 80 "cli.gaa"
char *srp_passwd;
-#line 101 "cli.gaa"
+#line 77 "cli.gaa"
char *srp_username;
-#line 98 "cli.gaa"
+#line 74 "cli.gaa"
char *x509_certfile;
-#line 95 "cli.gaa"
+#line 71 "cli.gaa"
char *x509_keyfile;
-#line 92 "cli.gaa"
+#line 68 "cli.gaa"
char *pgp_subkey;
-#line 89 "cli.gaa"
+#line 65 "cli.gaa"
char *pgp_certfile;
-#line 86 "cli.gaa"
+#line 62 "cli.gaa"
char *pgp_keyring;
-#line 83 "cli.gaa"
+#line 59 "cli.gaa"
char *pgp_keyfile;
-#line 80 "cli.gaa"
+#line 56 "cli.gaa"
char *x509_crlfile;
-#line 77 "cli.gaa"
+#line 53 "cli.gaa"
char *x509_cafile;
-#line 74 "cli.gaa"
- char *priorities;
-#line 71 "cli.gaa"
- char **ctype;
-#line 70 "cli.gaa"
- int nctype;
-#line 67 "cli.gaa"
- char **kx;
-#line 66 "cli.gaa"
- int nkx;
-#line 63 "cli.gaa"
- char **macs;
-#line 62 "cli.gaa"
- int nmacs;
-#line 59 "cli.gaa"
- char **comp;
-#line 58 "cli.gaa"
- int ncomp;
-#line 55 "cli.gaa"
- char **proto;
-#line 54 "cli.gaa"
- int nproto;
-#line 51 "cli.gaa"
- char **ciphers;
#line 50 "cli.gaa"
- int nciphers;
+ char *priorities;
#line 47 "cli.gaa"
int verbose;
#line 44 "cli.gaa"
diff --git a/src/cli.c b/src/cli.c
index 0b065f8..c3aa050 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -84,13 +84,6 @@ static gnutls_certificate_credentials_t xcred;
static gaainfo info;
-static int protocol_priority[PRI_MAX];
-static int kx_priority[PRI_MAX];
-static int cipher_priority[PRI_MAX];
-static int comp_priority[PRI_MAX];
-static int mac_priority[PRI_MAX];
-static int cert_type_priority[PRI_MAX];
-
/* end of global stuff */
/* prototypes */
@@ -573,21 +566,8 @@ init_tls_session (const char *hostname)
gnutls_handshake_set_private_extensions (session, 1);
gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
strlen (hostname));
- if (cert_type_priority[0])
- gnutls_certificate_type_set_priority (session, cert_type_priority);
}
- if (cipher_priority[0])
- gnutls_cipher_set_priority (session, cipher_priority);
- if (comp_priority[0])
- gnutls_compression_set_priority (session, comp_priority);
- if (kx_priority[0])
- gnutls_kx_set_priority (session, kx_priority);
- if (protocol_priority[0])
- gnutls_protocol_set_priority (session, protocol_priority);
- if (mac_priority[0])
- gnutls_mac_set_priority (session, mac_priority);
-
gnutls_dh_set_prime_bits (session, 512);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
@@ -1033,13 +1013,6 @@ gaa_parser (int argc, char **argv)
hostname = "localhost";
else
hostname = info.rest_args;
-
- parse_protocols (info.proto, info.nproto, protocol_priority);
- parse_ciphers (info.ciphers, info.nciphers, cipher_priority);
- parse_macs (info.macs, info.nmacs, mac_priority);
- parse_ctypes (info.ctype, info.nctype, cert_type_priority);
- parse_kx (info.kx, info.nkx, kx_priority);
- parse_comp (info.comp, info.ncomp, comp_priority);
}
void cli_version (void);
diff --git a/src/cli.gaa b/src/cli.gaa
index 7cd0084..d7997d4 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -47,30 +47,6 @@ option (recordsize) INT "integer" { $record_size = $1 } "The
maximum record size
#int verbose;
option (V, verbose) { $verbose = 1 } "More verbose output."
-#int nciphers;
-#char **ciphers;
-option (ciphers) *STR "cipher1 cipher2..." { $ciphers = $1; $nciphers = @1 }
"Ciphers to enable."
-
-#int nproto;
-#char **proto;
-option (protocols) *STR "protocol1 protocol2..." { $proto = $1; $nproto = @1 }
"Protocols to enable."
-
-#int ncomp;
-#char **comp;
-option (comp) *STR "comp1 comp2..." { $comp = $1; $ncomp = @1 } "Compression
methods to enable."
-
-#int nmacs;
-#char **macs;
-option (macs) *STR "mac1 mac2..." { $macs = $1; $nmacs = @1 } "MACs to enable."
-
-#int nkx;
-#char **kx;
-option (kx) *STR "kx1 kx2..." { $kx = $1; $nkx = @1 } "Key exchange methods to
enable."
-
-#int nctype;
-#char **ctype;
-option (ctypes) *STR "certType1 certType2..." { $ctype = $1; $nctype = @1 }
"Certificate types to enable."
-
#char *priorities;
option (priority) STR "PRIORITY STRING" { $priorities = $1 } "Priorities
string."
@@ -127,9 +103,8 @@ option (v, version) { cli_version(); exit(0); } "prints the
program's version nu
#char *rest_args;
rest STR "hostname" { $rest_args = $1; }
-init { $resume=0; $noticket=0; $port="443"; $rest_args=NULL; $ciphers=NULL;
- $kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0;
- $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0;
+init { $resume=0; $noticket=0; $port="443"; $rest_args=NULL;
+ $record_size=0;
$fingerprint=0; $pgp_keyring=NULL; $x509_crlfile = NULL;
$x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL;
$disable_extensions = 0;
$x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0;
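Review bot: The rewritten init block still gives `$priorities` no explicit initializer, although the `--priority` option that fills it is declared just above this hunk and every other pointer option visible in the block (`$rest_args`, `$pgp_keyring`, `$x509_cafile`, …) is set to NULL. This was already the case before the change, but with the per-algorithm options gone `--priority` is now the only selector, so cli.c presumably reads `info.priorities` on every run; if the `gaainfo` handed to `gaa()` is not static or otherwise zero-filled, that read is of an uninitialized pointer. Adding `$priorities=NULL;` after `$rest_args=NULL;` on the first init line keeps the block self-sufficient regardless of how the caller allocates the struct. The init block continues past the end of the hunk, so the field may be set further down; if it is, ignore this.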
diff --git a/src/common.c b/src/common.c
index a397176..81bb153 100644
--- a/src/common.c
+++ b/src/common.c
@@ -686,188 +686,6 @@ print_list (int verbose)
}
}
-static int depr_printed = 0;
-#define DEPRECATED if (depr_printed==0) { \
- fprintf(stderr, "This method of specifying algorithms is deprecated. Please
use the --priority option.\n"); \
- depr_printed = 1; \
- }
-
-void
-parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
-{
- int i, j;
-
- if (protocols != NULL && protocols_size > 0)
- {
- DEPRECATED;
-
- for (j = i = 0; i < protocols_size; i++)
- {
- if (strncasecmp (protocols[i], "SSL", 3) == 0)
- protocol_priority[j++] = GNUTLS_SSL3;
- else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_1;
- else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_2;
- else if (strncasecmp (protocols[i], "TLS", 3) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_0;
- else
- fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
- }
- protocol_priority[j] = 0;
- }
-}
-
-void
-parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
-{
- int j, i;
-
-
- if (ciphers != NULL && nciphers > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < nciphers; i++)
- {
- if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
- else if (strncasecmp (ciphers[i], "AES", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
- else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
- else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
- else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
-#ifdef ENABLE_CAMELLIA
- else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
- else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
-#endif
- else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_NULL;
- else
- fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
- }
- cipher_priority[j] = 0;
- }
-}
-
-void
-parse_macs (char **macs, int nmacs, int *mac_priority)
-{
- int i, j;
-
-
- if (macs != NULL && nmacs > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < nmacs; i++)
- {
- if (strncasecmp (macs[i], "MD5", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_MD5;
- else if (strncasecmp (macs[i], "RMD", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_RMD160;
- else if (strncasecmp (macs[i], "SHA512", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA512;
- else if (strncasecmp (macs[i], "SHA384", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA384;
- else if (strncasecmp (macs[i], "SHA256", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA256;
- else if (strncasecmp (macs[i], "SHA", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA1;
- else
- fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
- }
- mac_priority[j] = 0;
- }
-}
-
-void
-parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
-{
- int i, j;
-
- if (ctype != NULL && nctype > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < nctype; i++)
- {
- if (strncasecmp (ctype[i], "OPE", 3) == 0)
- cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
- else if (strncasecmp (ctype[i], "X", 1) == 0)
- cert_type_priority[j++] = GNUTLS_CRT_X509;
- else
- fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
- }
- cert_type_priority[j] = 0;
- }
-}
-
-void
-parse_kx (char **kx, int nkx, int *kx_priority)
-{
- int i, j;
-
-
- if (kx != NULL && nkx > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < nkx; i++)
- {
- if (strcasecmp (kx[i], "SRP") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP;
- else if (strcasecmp (kx[i], "SRP-RSA") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP_RSA;
- else if (strcasecmp (kx[i], "SRP-DSS") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP_DSS;
- else if (strcasecmp (kx[i], "RSA") == 0)
- kx_priority[j++] = GNUTLS_KX_RSA;
- else if (strcasecmp (kx[i], "PSK") == 0)
- kx_priority[j++] = GNUTLS_KX_PSK;
- else if (strcasecmp (kx[i], "DHE-PSK") == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_PSK;
- else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
- kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
- else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_RSA;
- else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_DSS;
- else if (strncasecmp (kx[i], "ANON", 4) == 0)
- kx_priority[j++] = GNUTLS_KX_ANON_DH;
- else
- fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
- }
- kx_priority[j] = 0;
- }
-}
-
-void
-parse_comp (char **comp, int ncomp, int *comp_priority)
-{
- int i, j;
-
- if (comp != NULL && ncomp > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < ncomp; i++)
- {
- if (strncasecmp (comp[i], "NUL", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_NULL;
- else if (strncasecmp (comp[i], "ZLI", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_DEFLATE;
- else if (strncasecmp (comp[i], "DEF", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_DEFLATE;
- else if (strncasecmp (comp[i], "LZO", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_LZO;
- else
- fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
- }
- comp_priority[j] = 0;
- }
-}
-
void
sockets_init (void)
{
diff --git a/src/common.h b/src/common.h
index 78d5e35..4a7e1aa 100644
--- a/src/common.h
+++ b/src/common.h
@@ -31,13 +31,6 @@ void print_cert_info (gnutls_session_t state, const char
*hostname,
int insecure);
void print_list (int verbose);
-void parse_comp (char **comp, int ncomp, int *comp_priority);
-void parse_kx (char **kx, int nkx, int *kx_priority);
-void parse_ctypes (char **ctype, int nctype, int *cert_type_priority);
-void parse_macs (char **macs, int nmacs, int *mac_priority);
-void parse_ciphers (char **ciphers, int nciphers, int *cipher_priority);
-void parse_protocols (char **protocols, int protocols_size,
- int *protocol_priority);
const char *raw_to_string (const unsigned char *raw, size_t raw_size);
int service_to_port (const char *service);
void pkcs11_common (void);
diff --git a/src/serv-gaa.c b/src/serv-gaa.c
index 7e502aa..52e904d 100644
--- a/src/serv-gaa.c
+++ b/src/serv-gaa.c
@@ -152,12 +152,6 @@ void gaa_help(void)
__gaa_helpsingle(0, "srppasswd", "FILE ", "SRP password file to use.");
__gaa_helpsingle(0, "srppasswdconf", "FILE ", "SRP password conf file
to use.");
__gaa_helpsingle(0, "opaque-prf-input", "DATA ", "Use Opaque PRF Input
DATA.");
- __gaa_helpsingle(0, "ciphers", "cipher1 cipher2... ", "Ciphers to
enable.");
- __gaa_helpsingle(0, "protocols", "protocol1 protocol2... ", "Protocols
to enable.");
- __gaa_helpsingle(0, "comp", "comp1 comp2... ", "Compression methods to
enable.");
- __gaa_helpsingle(0, "macs", "mac1 mac2... ", "MACs to enable.");
- __gaa_helpsingle(0, "kx", "kx1 kx2... ", "Key exchange methods to
enable.");
- __gaa_helpsingle(0, "ctypes", "certType1 certType2... ", "Certificate
types to enable.");
__gaa_helpsingle(0, "priority", "PRIORITY STRING ", "Priorities
string.");
__gaa_helpsingle('l', "list", "", "Print a list of the supported
algorithms and modes.");
__gaa_helpsingle('h', "help", "", "prints this help");
@@ -176,32 +170,8 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 115 "serv.gaa"
- char *priorities;
-#line 112 "serv.gaa"
- char **ctype;
-#line 111 "serv.gaa"
- int nctype;
-#line 108 "serv.gaa"
- char **kx;
-#line 107 "serv.gaa"
- int nkx;
-#line 104 "serv.gaa"
- char **macs;
-#line 103 "serv.gaa"
- int nmacs;
-#line 100 "serv.gaa"
- char **comp;
-#line 99 "serv.gaa"
- int ncomp;
-#line 96 "serv.gaa"
- char **proto;
-#line 95 "serv.gaa"
- int nproto;
-#line 92 "serv.gaa"
- char **ciphers;
#line 91 "serv.gaa"
- int nciphers;
+ char *priorities;
#line 88 "serv.gaa"
char *opaque_prf_input;
#line 85 "serv.gaa"
@@ -308,44 +278,38 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 37
+#define GAA_NB_OPTION 31
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_list 3
#define GAAOPTID_priority 4
-#define GAAOPTID_ctypes 5
-#define GAAOPTID_kx 6
-#define GAAOPTID_macs 7
-#define GAAOPTID_comp 8
-#define GAAOPTID_protocols 9
-#define GAAOPTID_ciphers 10
-#define GAAOPTID_opaque_prf_input 11
-#define GAAOPTID_srppasswdconf 12
-#define GAAOPTID_srppasswd 13
-#define GAAOPTID_pskhint 14
-#define GAAOPTID_pskpasswd 15
-#define GAAOPTID_disable_client_cert 16
-#define GAAOPTID_require_cert 17
-#define GAAOPTID_x509dsacertfile 18
-#define GAAOPTID_x509dsakeyfile 19
-#define GAAOPTID_x509certfile 20
-#define GAAOPTID_x509keyfile 21
-#define GAAOPTID_pgpsubkey 22
-#define GAAOPTID_pgpcertfile 23
-#define GAAOPTID_pgpkeyfile 24
-#define GAAOPTID_pgpkeyring 25
-#define GAAOPTID_x509crlfile 26
-#define GAAOPTID_x509cafile 27
-#define GAAOPTID_x509fmtder 28
-#define GAAOPTID_dhparams 29
-#define GAAOPTID_echo 30
-#define GAAOPTID_http 31
-#define GAAOPTID_noticket 32
-#define GAAOPTID_nodb 33
-#define GAAOPTID_quiet 34
-#define GAAOPTID_port 35
-#define GAAOPTID_generate 36
-#define GAAOPTID_debug 37
+#define GAAOPTID_opaque_prf_input 5
+#define GAAOPTID_srppasswdconf 6
+#define GAAOPTID_srppasswd 7
+#define GAAOPTID_pskhint 8
+#define GAAOPTID_pskpasswd 9
+#define GAAOPTID_disable_client_cert 10
+#define GAAOPTID_require_cert 11
+#define GAAOPTID_x509dsacertfile 12
+#define GAAOPTID_x509dsakeyfile 13
+#define GAAOPTID_x509certfile 14
+#define GAAOPTID_x509keyfile 15
+#define GAAOPTID_pgpsubkey 16
+#define GAAOPTID_pgpcertfile 17
+#define GAAOPTID_pgpkeyfile 18
+#define GAAOPTID_pgpkeyring 19
+#define GAAOPTID_x509crlfile 20
+#define GAAOPTID_x509cafile 21
+#define GAAOPTID_x509fmtder 22
+#define GAAOPTID_dhparams 23
+#define GAAOPTID_echo 24
+#define GAAOPTID_http 25
+#define GAAOPTID_noticket 26
+#define GAAOPTID_nodb 27
+#define GAAOPTID_quiet 28
+#define GAAOPTID_port 29
+#define GAAOPTID_generate 30
+#define GAAOPTID_debug 31
#line 168 "gaa.skel"
@@ -538,42 +502,6 @@ struct GAAOPTION_priority
int size1;
};
-struct GAAOPTION_ctypes
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_kx
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_macs
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_comp
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_protocols
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_ciphers
-{
- char** arg1;
- int size1;
-};
-
struct GAAOPTION_opaque_prf_input
{
char* arg1;
@@ -712,12 +640,6 @@ static int gaa_get_option_num(char *str, int status)
{
case GAA_LETTER_OPTION:
GAA_CHECK1STR("", GAAOPTID_priority);
- GAA_CHECK1STR("", GAAOPTID_ctypes);
- GAA_CHECK1STR("", GAAOPTID_kx);
- GAA_CHECK1STR("", GAAOPTID_macs);
- GAA_CHECK1STR("", GAAOPTID_comp);
- GAA_CHECK1STR("", GAAOPTID_protocols);
- GAA_CHECK1STR("", GAAOPTID_ciphers);
GAA_CHECK1STR("", GAAOPTID_opaque_prf_input);
GAA_CHECK1STR("", GAAOPTID_srppasswdconf);
GAA_CHECK1STR("", GAAOPTID_srppasswd);
@@ -758,12 +680,6 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("help", GAAOPTID_help);
GAA_CHECKSTR("list", GAAOPTID_list);
GAA_CHECKSTR("priority", GAAOPTID_priority);
- GAA_CHECKSTR("ctypes", GAAOPTID_ctypes);
- GAA_CHECKSTR("kx", GAAOPTID_kx);
- GAA_CHECKSTR("macs", GAAOPTID_macs);
- GAA_CHECKSTR("comp", GAAOPTID_comp);
- GAA_CHECKSTR("protocols", GAAOPTID_protocols);
- GAA_CHECKSTR("ciphers", GAAOPTID_ciphers);
GAA_CHECKSTR("opaque-prf-input",
GAAOPTID_opaque_prf_input);
GAA_CHECKSTR("srppasswdconf", GAAOPTID_srppasswdconf);
GAA_CHECKSTR("srppasswd", GAAOPTID_srppasswd);
@@ -804,12 +720,6 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
int OK = 0;
int gaa_last_non_option;
struct GAAOPTION_priority GAATMP_priority;
- struct GAAOPTION_ctypes GAATMP_ctypes;
- struct GAAOPTION_kx GAATMP_kx;
- struct GAAOPTION_macs GAATMP_macs;
- struct GAAOPTION_comp GAATMP_comp;
- struct GAAOPTION_protocols GAATMP_protocols;
- struct GAAOPTION_ciphers GAATMP_ciphers;
struct GAAOPTION_opaque_prf_input GAATMP_opaque_prf_input;
struct GAAOPTION_srppasswdconf GAATMP_srppasswdconf;
struct GAAOPTION_srppasswd GAATMP_srppasswd;
@@ -850,21 +760,21 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 121 "serv.gaa"
+#line 97 "serv.gaa"
{ serv_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 119 "serv.gaa"
+#line 95 "serv.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 118 "serv.gaa"
+#line 94 "serv.gaa"
{ print_list(0); exit(0); ;};
return GAA_OK;
@@ -874,59 +784,11 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_priority.arg1, gaa_getstr,
GAATMP_priority.size1);
gaa_index++;
-#line 116 "serv.gaa"
+#line 92 "serv.gaa"
{ gaaval->priorities = GAATMP_priority.arg1 ;};
return GAA_OK;
break;
- case GAAOPTID_ctypes:
- OK = 0;
- GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*,
GAATMP_ctypes.size1);
-#line 113 "serv.gaa"
-{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_kx:
- OK = 0;
- GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*,
GAATMP_kx.size1);
-#line 109 "serv.gaa"
-{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_macs:
- OK = 0;
- GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*,
GAATMP_macs.size1);
-#line 105 "serv.gaa"
-{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_comp:
- OK = 0;
- GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*,
GAATMP_comp.size1);
-#line 101 "serv.gaa"
-{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_protocols:
- OK = 0;
- GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*,
GAATMP_protocols.size1);
-#line 97 "serv.gaa"
-{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto =
GAATMP_protocols.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_ciphers:
- OK = 0;
- GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*,
GAATMP_ciphers.size1);
-#line 93 "serv.gaa"
-{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers =
GAATMP_ciphers.size1 ;};
-
- return GAA_OK;
- break;
case GAAOPTID_opaque_prf_input:
OK = 0;
GAA_TESTMOREARGS;
@@ -1194,10 +1056,8 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 125 "serv.gaa"
-{ gaaval->generate=0; gaaval->port=5556; gaaval->http=0; gaaval->ciphers=NULL;
- gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL;
gaaval->ctype=NULL; gaaval->nciphers=0;
- gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0;
gaaval->nodb = 0; gaaval->noticket = 0;
+#line 101 "serv.gaa"
+{ gaaval->generate=0; gaaval->port=5556; gaaval->http=0; gaaval->nodb = 0;
gaaval->noticket = 0;
gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL;
gaaval->pgp_certfile=NULL;
gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL;
gaaval->x509_crlfile = NULL;
gaaval->x509_dsakeyfile=NULL; gaaval->x509_dsacertfile=NULL;
diff --git a/src/serv-gaa.h b/src/serv-gaa.h
index b2bb557..cb9f66c 100644
--- a/src/serv-gaa.h
+++ b/src/serv-gaa.h
@@ -8,32 +8,8 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 115 "serv.gaa"
- char *priorities;
-#line 112 "serv.gaa"
- char **ctype;
-#line 111 "serv.gaa"
- int nctype;
-#line 108 "serv.gaa"
- char **kx;
-#line 107 "serv.gaa"
- int nkx;
-#line 104 "serv.gaa"
- char **macs;
-#line 103 "serv.gaa"
- int nmacs;
-#line 100 "serv.gaa"
- char **comp;
-#line 99 "serv.gaa"
- int ncomp;
-#line 96 "serv.gaa"
- char **proto;
-#line 95 "serv.gaa"
- int nproto;
-#line 92 "serv.gaa"
- char **ciphers;
#line 91 "serv.gaa"
- int nciphers;
+ char *priorities;
#line 88 "serv.gaa"
char *opaque_prf_input;
#line 85 "serv.gaa"
diff --git a/src/serv.c b/src/serv.c
index e6a975c..0687624 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -326,13 +326,6 @@ generate_rsa_params (void)
LIST_DECLARE_INIT (listener_list, listener_item, listener_free);
-static int protocol_priority[PRI_MAX];
-static int kx_priority[PRI_MAX];
-static int cipher_priority[PRI_MAX];
-static int comp_priority[PRI_MAX];
-static int mac_priority[PRI_MAX];
-static int cert_type_priority[PRI_MAX];
-
static gnutls_session_t
initialize_session (void)
{
@@ -363,19 +356,6 @@ initialize_session (void)
exit (1);
}
- if (cipher_priority[0])
- gnutls_cipher_set_priority (session, cipher_priority);
- if (comp_priority[0])
- gnutls_compression_set_priority (session, comp_priority);
- if (kx_priority[0])
- gnutls_kx_set_priority (session, kx_priority);
- if (protocol_priority[0])
- gnutls_protocol_set_priority (session, protocol_priority);
- if (mac_priority[0])
- gnutls_mac_set_priority (session, mac_priority);
- if (cert_type_priority[0])
- gnutls_certificate_type_set_priority (session, cert_type_priority);
-
gnutls_credentials_set (session, GNUTLS_CRD_ANON, dh_cred);
if (srp_cred != NULL)
@@ -1498,13 +1478,6 @@ gaa_parser (int argc, char **argv)
psk_passwd = info.psk_passwd;
pgp_keyring = info.pgp_keyring;
-
- parse_protocols (info.proto, info.nproto, protocol_priority);
- parse_ciphers (info.ciphers, info.nciphers, cipher_priority);
- parse_macs (info.macs, info.nmacs, mac_priority);
- parse_ctypes (info.ctype, info.nctype, cert_type_priority);
- parse_kx (info.kx, info.nkx, kx_priority);
- parse_comp (info.comp, info.ncomp, comp_priority);
}
extern void serv_version (void);
diff --git a/src/serv.gaa b/src/serv.gaa
index 37130cc..0828a86 100644
--- a/src/serv.gaa
+++ b/src/serv.gaa
@@ -88,30 +88,6 @@ option (srppasswdconf) STR "FILE" { $srp_passwd_conf = $1 }
"SRP password conf f
#char *opaque_prf_input;
option (opaque-prf-input) STR "DATA" { $opaque_prf_input = $1 } "Use Opaque
PRF Input DATA."
-#int nciphers;
-#char **ciphers;
-option (ciphers) *STR "cipher1 cipher2..." { $ciphers = $1; $nciphers = @1 }
"Ciphers to enable."
-
-#int nproto;
-#char **proto;
-option (protocols) *STR "protocol1 protocol2..." { $proto = $1; $nproto = @1 }
"Protocols to enable."
-
-#int ncomp;
-#char **comp;
-option (comp) *STR "comp1 comp2..." { $comp = $1; $ncomp = @1 } "Compression
methods to enable."
-
-#int nmacs;
-#char **macs;
-option (macs) *STR "mac1 mac2..." { $macs = $1; $nmacs = @1 } "MACs to enable."
-
-#int nkx;
-#char **kx;
-option (kx) *STR "kx1 kx2..." { $kx = $1; $nkx = @1 } "Key exchange methods to
enable."
-
-#int nctype;
-#char **ctype;
-option (ctypes) *STR "certType1 certType2..." { $ctype = $1; $nctype = @1 }
"Certificate types to enable."
-
#char *priorities;
option (priority) STR "PRIORITY STRING" { $priorities = $1 } "Priorities
string."
@@ -122,9 +98,7 @@ option (v, version) { serv_version(); exit(0); } "prints the
program's version n
INCOMP ra
-init { $generate=0; $port=5556; $http=0; $ciphers=NULL;
- $kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0;
- $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $nodb = 0; $noticket = 0;
+init { $generate=0; $port=5556; $http=0; $nodb = 0; $noticket = 0;
$x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL;
$x509_keyfile=NULL; $x509_certfile=NULL; $x509_crlfile = NULL;
$x509_dsakeyfile=NULL; $x509_dsacertfile=NULL;
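Review bot: The shortened init block does not initialize `$priorities`, the one pointer option the commit keeps, while it NULLs the certificate and key file pointers around it. The omission predates this commit, but the server now has no other way to select algorithms, so serv.c presumably reads `info.priorities` unconditionally; unless the `gaainfo` passed to `gaa()` is static or zeroed by the caller, that is a read of an uninitialized pointer. Putting `$priorities=NULL;` on the first line next to `$noticket = 0;` removes the dependency on the caller's allocation. The init block runs past the end of the hunk, so check that the field is not already set further down before adding it.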
hooks/post-receive
--
GNU gnutls