[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_20-7-gdbc72
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_20-7-gdbc72ae |
Date: |
Thu, 08 Nov 2012 16:18:37 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=dbc72ae47b16c6718cb5e53d4a31205bc45d3742
The branch, gnutls_2_12_x has been updated
via dbc72ae47b16c6718cb5e53d4a31205bc45d3742 (commit)
from 4aa900a0bc8e19c0dbb1e078ca956f7ec100bc92 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dbc72ae47b16c6718cb5e53d4a31205bc45d3742
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Nov 8 17:12:03 2012 +0100
tolerate key usage violation.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 ++--
lib/gnutls_int.h | 1 -
lib/gnutls_priority.c | 1 -
lib/gnutls_sig.c | 10 ++--------
4 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/NEWS b/NEWS
index d824f98..21e6ae7 100644
--- a/NEWS
+++ b/NEWS
@@ -8,8 +8,8 @@ Version 2.12.21 (unreleased)
** libgnutls: Backported patch to compile with libtasn1 3.0.
Minimum libtasn1 dependency is now 2.14.
-** libgnutls: The %COMPAT keyword, if specified, will tolerate
-key usage violation errors (they are far too common to ignore).
+** libgnutls: Always tolerate key usage violation errors from the side
+of the peer, but also notify via an audit message.
** API and ABI modifications:
No changes since last version.
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 08b006e..cafaa91 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -447,7 +447,6 @@ struct gnutls_priority_st
safe_renegotiation_t sr;
int ssl3_record_version:1;
int additional_verify_flags;
- unsigned int allow_key_usage_violation:1;
};
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index a87d108..bd8cb5a 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -729,7 +729,6 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
{
(*priority_cache)->no_padding = 1;
(*priority_cache)->allow_large_records = 1;
- (*priority_cache)->allow_key_usage_violation = 1;
}
else if (strcasecmp (&broken_list[i][1],
"VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 79ab38a..a2f38e5 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -222,10 +222,7 @@ sign_tls_hash (gnutls_session_t session,
gnutls_digest_algorithm_t hash_algo,
if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
- if (session->internals.priorities.allow_key_usage_violation == 0)
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- else
- _gnutls_debug_log("Key usage violation was detected
(ignored).\n");
+ _gnutls_debug_log("Key usage violation was detected (ignored).\n");
}
/* External signing. */
@@ -295,10 +292,7 @@ verify_tls_hash (gnutls_session_t session,
gnutls_protocol_t ver, gnutls_cert *
if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
- if (session->internals.priorities.allow_key_usage_violation == 0)
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- else
- _gnutls_debug_log("Key usage violation was detected (ignored).\n");
+ _gnutls_debug_log("Key usage violation was detected (ignored).\n");
}
if (pk_algo == GNUTLS_PK_UNKNOWN)
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_20-7-gdbc72ae,
Nikos Mavrogiannopoulos <=