[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_3-12-g206da0a
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_3-12-g206da0a |
Date: |
Sun, 28 Oct 2012 01:39:48 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=206da0ac665d8770a00fc190716d9172c84e9c40
The branch, master has been updated
via 206da0ac665d8770a00fc190716d9172c84e9c40 (commit)
via ede349c6fe916355124c21ad834bfd7207b9b445 (commit)
via 4208a593c6d6cc590635db2767d857379d911a47 (commit)
from 524b5e837d533407dc27a4851b17ed86a57cdabf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 206da0ac665d8770a00fc190716d9172c84e9c40
Author: Elias Pipping <address@hidden>
Date: Sun Oct 14 21:30:26 2012 +0200
Fix out-of-source tests
commit ede349c6fe916355124c21ad834bfd7207b9b445
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Oct 28 02:25:46 2012 +0100
Added gnutls_session_get_id2().
commit 4208a593c6d6cc590635db2767d857379d911a47
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Oct 28 02:18:29 2012 +0100
updated doc
-----------------------------------------------------------------------
Summary of changes:
doc/cha-gtls-app.texi | 2 +-
lib/gnutls_cert.c | 17 ++++++++++-------
lib/gnutls_session.c | 29 +++++++++++++++++++++++++----
lib/includes/gnutls/gnutls.h.in | 2 +-
lib/libgnutls.map | 1 +
tests/Makefile.am | 1 +
tests/pkcs12-decode/pkcs12 | 5 +++--
7 files changed, 42 insertions(+), 15 deletions(-)
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index e603866..0e942eb 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1093,7 +1093,7 @@ the session parameters. Before establishing a new session
to the same
server the parameters must be re-associated with the GnuTLS session
using @funcref{gnutls_session_set_data}.
address@hidden,gnutls_session_get_id,gnutls_session_set_data}
address@hidden,gnutls_session_get_id2,gnutls_session_set_data}
Keep in mind that sessions will be expired after some time, depending
on the server, and a server may choose not to resume a session
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index afdc7de..d8d437a 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -639,16 +639,19 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t
session,
* @session: is a gnutls session
* @status: is the output of the verification
*
- * This function will try to verify the peer's certificate and return
- * its status (trusted, invalid etc.). The value of @status should
- * be one or more of the gnutls_certificate_status_t enumerated
- * elements bitwise or'd. To avoid denial of service attacks some
+ * This function will verify the peer's certificate and return
+ * its status (trusted, invalid etc.). The value of @status will
+ * be one or more of the gnutls_certificate_status_t flags
+ * bitwise or'd. Note that verification failure does not imply a
+ * negative return value. Only the @status is updated.
+ *
+ * If available the OCSP Certificate Status extension will be
+ * utilized by this function.
+ *
+ * To avoid denial of service attacks some
* default upper limits regarding the certificate key size and chain
* size are set. To override them use gnutls_certificate_set_verify_limits().
*
- * This function will utilize the OCSP Certificate Status extension if
- * negotiated --to enable see gnutls_ocsp_status_request_enable_client().
- *
* Note that you must also check the peer's name in order to check if
* the verified certificate belongs to the actual peer, see
gnutls_x509_crt_check_hostname().
*
diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
index fbd807b..80d984c 100644
--- a/lib/gnutls_session.c
+++ b/lib/gnutls_session.c
@@ -128,14 +128,14 @@ gnutls_session_get_data2 (gnutls_session_t session,
gnutls_datum_t * data)
* gnutls_session_get_id:
* @session: is a #gnutls_session_t structure.
* @session_id: is a pointer to space to hold the session id.
- * @session_id_size: is the session id's size, or it will be set by the
function.
+ * @session_id_size: initially should contain the maximum @session_id size and
will be updated.
*
- * Returns the current session id. This can be used if you want to
+ * Returns the current session ID. This can be used if you want to
* check if the next session you tried to resume was actually
- * resumed. This is because resumed sessions have the same sessionID
+ * resumed. That is because resumed sessions share the same session ID
* with the original session.
*
- * Session id is some data set by the server, that identify the
+ * The session ID is selected by the server, that identify the
* current session. In TLS 1.0 and SSL 3.0 session id is always less
* than 32 bytes.
*
@@ -168,6 +168,27 @@ gnutls_session_get_id (gnutls_session_t session,
}
/**
+ * gnutls_session_get_id2:
+ * @session: is a #gnutls_session_t structure.
+ * @session_id: will point to the session ID.
+ *
+ * Returns the current session ID. The returned data should be
+ * treated as constant.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_session_get_id2 (gnutls_session_t session,
+ gnutls_datum_t *session_id)
+{
+ session_id->size = session->security_parameters.session_id_size;
+ session_id->data = session->security_parameters.session_id;
+
+ return 0;
+}
+
+/**
* gnutls_session_set_data:
* @session: is a #gnutls_session_t structure.
* @session_data: is a pointer to space to hold the session.
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index b6cd8be..e60914e 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1024,7 +1024,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
#define GNUTLS_MAX_SESSION_ID 32
int gnutls_session_get_id (gnutls_session_t session, void *session_id,
size_t * session_id_size);
-
+ int gnutls_session_get_id2 (gnutls_session_t session, gnutls_datum_t
*session_id);
int gnutls_session_channel_binding (gnutls_session_t session,
gnutls_channel_binding_t cbtype,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 438120e..751e49b 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -857,6 +857,7 @@ GNUTLS_3_1_0 {
gnutls_pubkey_import_openpgp_raw;
gnutls_pubkey_import_x509_raw;
gnutls_certificate_get_peers_subkey_id;
+ gnutls_session_get_id2;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b6c14be..d8307f7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -108,6 +108,7 @@ TESTS_ENVIRONMENT =
\
PKCS12FILE_2=$(srcdir)/pkcs12-decode/pkcs12_2certs.p12 \
PKCS12PASSWORD_2="" \
EXEEXT=$(EXEEXT) \
+ top_builddir="$(top_builddir)" \
srcdir="$(srcdir)"
if WANT_TEST_SUITE
diff --git a/tests/pkcs12-decode/pkcs12 b/tests/pkcs12-decode/pkcs12
index a2ee20b..ca58827 100755
--- a/tests/pkcs12-decode/pkcs12
+++ b/tests/pkcs12-decode/pkcs12
@@ -22,7 +22,8 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir=${srcdir:-.}
-CERTTOOL=${CERTTOOL:-../../src/certtool}
+top_builddir=${top_builddir:-../..}
+CERTTOOL=${CERTTOOL:-${top_builddir}/src/certtool}
DEBUG=""
if test "x$1" != "x";then
@@ -49,7 +50,7 @@ for p12 in 'client.p12 foobar' noclient.p12 unclient.p12
pkcs12_2certs.p12; do
done
file=test-null.p12
-$CERTTOOL --p12-info --inder --null-password --infile $file >/dev/null 2>&1
+$CERTTOOL --p12-info --inder --null-password --infile $srcdir/$file >/dev/null
2>&1
rc=$?
if test $rc != 0; then
echo "PKCS12 FATAL $file"
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_3-12-g206da0a,
Nikos Mavrogiannopoulos <=