[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-136-gcd50
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-136-gcd50caf |
Date: |
Mon, 28 Feb 2011 16:30:01 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=cd50caff722fe17454770446bd5aaef59f3d50d7
The branch, gnutls_2_12_x has been updated
via cd50caff722fe17454770446bd5aaef59f3d50d7 (commit)
via 3b717f9be88799d139dce2c7800f8d49cdf086d9 (commit)
from e99c3f18557da1a30bfc4795f0fc99b7f911f2a5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cd50caff722fe17454770446bd5aaef59f3d50d7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Feb 28 17:29:56 2011 +0100
Restrict the signature algorithms we advertize to SHA1 and SHA256.
commit 3b717f9be88799d139dce2c7800f8d49cdf086d9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Feb 28 17:23:24 2011 +0100
updates on -ALL priorities.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-intro-tls.texi | 6 +++---
lib/ext_signature.c | 9 ++++++++-
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index d694d4d..8639bb3 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -416,8 +416,8 @@ Individual algorithms:
@item Ciphers:
AES-128-CBC, AES-256-CBC, CAMELLIA-128-CBC,
CAMELLIA-256-CBC, ARCFOUR-128, 3DES-CBC ARCFOUR-40. Catch all
-name is CIPHER-ALL which will add all the non-weak algorithms, i.e.
-all except ARCFOUR-40.
+name is CIPHER-ALL which will add all the algorithms from NORMAL
+priority.
@item Key exchange:
RSA, DHE-RSA, DHE-DSS, SRP, SRP-RSA, SRP-DSS,
@@ -425,7 +425,7 @@ PSK, DHE-PSK, ANON-DH, RSA-EXPORT. The
key exchange methods do not have a catch all.
@item MAC:
-MD5, SHA1, SHA256. Catch all is MAC-ALL.
+MD5, SHA1, SHA256. All algorithms from NORMAL priority can be accessed with
MAC-ALL.
@item Compression algorithms:
COMP-NULL, COMP-DEFLATE. Catch all is COMP-ALL.
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index 4b5f4e2..5e62f5c 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -73,7 +73,7 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t
session, opaque * data,
size_t max_data_size)
{
opaque *p = data, *len_p;
- int len, i, j;
+ int len, i, j, hash;
const sign_algorithm_st *aid;
if (max_data_size < (session->internals.priorities.sign_algo.algorithms*2) +
2)
@@ -89,6 +89,13 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t
session, opaque * data,
for (i = j = 0; j < session->internals.priorities.sign_algo.algorithms; i +=
2, j++)
{
+ /* In gnutls we keep a state of SHA1 and SHA256 and thus cannot
+ * use anything else.
+ */
+ hash =
_gnutls_sign_get_hash_algorithm(session->internals.priorities.sign_algo.priority[j]);
+ if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA256)
+ continue;
+
aid =
_gnutls_sign_to_tls_aid (session->internals.priorities.
sign_algo.priority[j]);
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-136-gcd50caf,
Nikos Mavrogiannopoulos <=