[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-30-gdc760be
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-30-gdc760be |
|
Date: |
Tue, 31 May 2011 19:56:51 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=dc760beb15db99f654b0b9d1186b3b0f8ebd3ab1
The branch, master has been updated
via dc760beb15db99f654b0b9d1186b3b0f8ebd3ab1 (commit)
via 993b28e2c09584af7d6a2370591dfb9c350fa659 (commit)
via da7c8508bfc0b11930605b8b16cb99ed40741951 (commit)
from 5f84e48a3f8ae92181f6031bf211989f6c54add2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dc760beb15db99f654b0b9d1186b3b0f8ebd3ab1
Author: Roman Bogorodskiy <address@hidden>
Date: Tue May 31 21:56:27 2011 +0200
Prevent including installed gnutls' headers.
commit 993b28e2c09584af7d6a2370591dfb9c350fa659
Author: Roman Bogorodskiy <address@hidden>
Date: Tue May 31 21:54:48 2011 +0200
Add missing <netinet/in.h> to get sockaddr_in.
commit da7c8508bfc0b11930605b8b16cb99ed40741951
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue May 31 11:29:15 2011 +0200
Compatibility text updated.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-intro-tls.texi | 31 ++++++++++++++++---------------
lib/Makefile.am | 2 +-
src/udp-serv.c | 1 +
3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index cc2b62c..2109d2b 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -394,7 +394,7 @@ To initiate the handshake.
* Client Authentication:: Requesting a certificate from the client.
* Resuming Sessions:: Reusing previously established keys.
* Resuming Internals:: More information on reusing previously
established keys.
-* Compatibility Issues:: Issues on compatibility with other
implementations.
+* Interoperability Issues:: Interoperability issues with other
implementations.
@end menu
@node TLS Cipher Suites
@@ -661,31 +661,32 @@ It might also be useful to be able to check for expired
sessions in
order to remove them, and save space. The function
@ref{gnutls_db_check_entry} is provided for that reason.
address@hidden Compatibility Issues
address@hidden Compatibility Issues
address@hidden Interoperability Issues
address@hidden Interoperability Issues
The @acronym{TLS} handshake is a complex procedure that negotiates all
required parameters for a secure session. @acronym{GnuTLS} supports
-several @acronym{TLS} extensions, as well as the latest known published
-version being @acronym{TLS} 1.2. However few implementations are not able to
+several @acronym{TLS} extensions, as well as the latest @acronym{TLS} protocol
+version 1.2. However few implementations are not able to
properly interoperate once faced with extensions or version protocols
-they do not support and understand. The @acronym{TLS} protocol allows for
-graceful downgrade to the commonly supported options, but practice shows that
+they do not support and understand. The @acronym{TLS} protocol allows for a
+graceful downgrade to the commonly supported options, but practice shows
it is not always implemented correctly.
-Because there is no way to handle maximum compatibility with broken peers
+Because there is no way to achieve maximum interoperability with broken peers
without sacrificing security, @acronym{GnuTLS} ignores such peers by default.
-This might not be acceptable in several cases, where maximum compatibility
-is required, thus we allow enabling compatibility with broken peers using
-priority strings (see @ref{Priority Strings}). An example priority string that
will
-disable all supported @acronym{TLS} protocol versions except for
-the widely supported @acronym{SSL} 3.0 and @acronym{TLS} 1.0
+This might not be acceptable in cases where maximum compatibility
+is required. Thus we allow enabling compatibility with broken peers using
+priority strings (see @ref{Priority Strings}). An example priority string that
+is known to provide wide compatibility even with broken peers
is shown below:
@example
NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT
@end example
-This priority string provides the wider possible compatibility with broken
peers.
-We suggest however only to use that compatibility mode if such issues occur.
+This priority string will only enable SSL 3.0 and TLS 1.0 as protocols and
+will disable, via the @code{%COMPAT} keyword, several @acronym{TLS} protocol
+options that are known to cause compatibility problems.
+We suggest however only to use this mode if compatibility issues occur.
@node TLS Extensions
@section TLS Extensions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 7e9eaa9..1110daa 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -151,7 +151,7 @@ endif
# C++ library
if ENABLE_CXX
-libgnutlsxx_la_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes
+libgnutlsxx_la_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes
-I$(srcdir)/includes
AM_CXXFLAGS = -I$(srcdir)/includes
diff --git a/src/udp-serv.c b/src/udp-serv.c
index 3cc3684..79066d9 100644
--- a/src/udp-serv.c
+++ b/src/udp-serv.c
@@ -1,6 +1,7 @@
#include <stdio.h>
#include <sys/socket.h>
#include <arpa/inet.h>
+#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-30-gdc760be,
Nikos Mavrogiannopoulos <=