
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-173-g22fa439


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-173-g22fa439
Date: Sat, 20 Mar 2010 11:23:40 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=22fa439525f40851df1a02f561d1022bbeb14d7d

The branch, master has been updated
       via  22fa439525f40851df1a02f561d1022bbeb14d7d (commit)
       via  388b1b5e5f955665ba3ba4028a7972e861af5232 (commit)
      from  6e803c7631829a527497fef23084532fd83980c4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 22fa439525f40851df1a02f561d1022bbeb14d7d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 20 12:21:17 2010 +0100

    Each ciphersuite is now tied to a minimum TLS version and a maximum
    one. It is valid if it is between (and including) those. This was added
    to deprecate TLS_RSA_EXPORT_WITH_RC4_40_MD5 which is not available
    with TLS 1.1. Reported by Adrian F. Dimcev.

commit 388b1b5e5f955665ba3ba4028a7972e861af5232
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 20 12:20:59 2010 +0100

    Ignore more files.

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                      |    8 +++
 lib/gnutls_algorithms.c         |  125 ++++++++++++++++++++-------------------
 lib/gnutls_algorithms.h         |    4 +-
 lib/includes/gnutls/gnutls.h.in |    2 +
 src/serv-gaa.c                  |   66 +++++++++++++--------
 src/serv.gaa                    |    2 +-
 6 files changed, 117 insertions(+), 90 deletions(-)

diff --git a/.gitignore b/.gitignore
index 4449b69..277e601 100644
--- a/.gitignore
+++ b/.gitignore
@@ -427,3 +427,11 @@ tests/x509dn
 tests/x509self
 tests/x509sign-verify
 tests/x509signself
+tests/x509paths/
+m4/
+lib/gnutls-api.texi
+lib/openpgp/pgp-api.texi
+lib/x509/x509-api.texi
+libextra/gnutls-extra-api.texi
+libextra/ia-api.texi
+doc/gnutls-extra-api.texi
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index fa12022..ac50619 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -338,8 +338,8 @@ static const gnutls_kx_algorithm_t supported_kxs[] = {
 
 
 /* Cipher SUITES */
-#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, 
mac_algorithm, version ) \
-       { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
+#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, 
mac_algorithm, min_version, max_version ) \
+       { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, 
min_version, max_version }
 
 typedef struct
 {
@@ -348,9 +348,10 @@ typedef struct
   gnutls_cipher_algorithm_t block_algorithm;
   gnutls_kx_algorithm_t kx_algorithm;
   gnutls_mac_algorithm_t mac_algorithm;
-  gnutls_protocol_t version;   /* this cipher suite is supported
+  gnutls_protocol_t min_version;       /* this cipher suite is supported
                                 * from 'version' and above;
                                 */
+  gnutls_protocol_t max_version;/* this cipher suite is not supported after 
that */
 } gnutls_cipher_suite_entry;
 
 /* RSA with NULL cipher and MD5 MAC
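Review bot: The comment kept on `min_version` still says the suite is supported "from 'version' and above", which names a field that no longer exists and ignores the new upper bound. Suggest `/* lowest protocol version (inclusive) this cipher suite may be negotiated with */` on `min_version` and `/* highest protocol version (inclusive) this cipher suite may be negotiated with */` on `max_version`. Inclusive matches the `>=` / `<=` comparison added in `_gnutls_cipher_suite_is_version_supported`. The struct begins above the hunk.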
@@ -482,194 +483,194 @@ static const gnutls_cipher_suite_entry cs_algorithms[] 
= {
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
                             GNUTLS_CIPHER_ARCFOUR_128,
                             GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
-                            GNUTLS_SSL3),
+                            GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
 #ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_128_CBC,
                             GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_256_CBC,
                             GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 #endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_TLS_MAX_VERSION),
 
   /* PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   /* DHE-PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   /* SRP */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 
   /* DHE_DSS */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
 #ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_128_CBC,
                             GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_256_CBC,
                             GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 #endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_TLS_MAX_VERSION),
   /* DHE_RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
 #ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_128_CBC,
                             GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_256_CBC,
                             GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 #endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_TLS_MAX_VERSION),
   /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
                             GNUTLS_CIPHER_NULL,
-                            GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
+                            GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
                             GNUTLS_CIPHER_ARCFOUR_40,
                             GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
-                            GNUTLS_SSL3),
+                            GNUTLS_SSL3, GNUTLS_TLS1_0),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR_128,
-                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
                             GNUTLS_CIPHER_ARCFOUR_128,
-                            GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
+                            GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC,
-                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
 #ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_TLS_MAX_VERSION),
 #endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RENEGO_PROTECTION_REQUEST,
                             GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN,
-                            GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3),
-  {0, {{0, 0}}, 0, 0, 0, 0}
+                            GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3, 
GNUTLS_TLS_MAX_VERSION),
+  {0, {{0, 0}}, 0, 0, 0, 0, 0}
 };
 
 #define GNUTLS_CIPHER_SUITE_LOOP(b) \
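Review bot: Only `GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5` gets a fixed ceiling (`GNUTLS_TLS1_0`); every other entry, including `GNUTLS_RSA_NULL_MD5`, the ARCFOUR/MD5 suites and the anonymous DH suites, uses `GNUTLS_TLS_MAX_VERSION`. That macro follows the enum, so any protocol version added later inherits all of these suites without anyone deciding that it should. A comment above the table such as `/* max_version: use GNUTLS_TLS_MAX_VERSION only for suites still defined for the newest protocol; re-check every entry when a version is added */` would make the rule explicit. The ceiling is spelled `GNUTLS_TLS1_0` while the floors use the alias `GNUTLS_TLS1`; one spelling throughout would read more easily. The table starts above the hunk.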
@@ -1318,10 +1319,10 @@ _gnutls_cipher_suite_get_cipher_algo (const 
cipher_suite_st * suite)
 }
 
 gnutls_protocol_t
-_gnutls_cipher_suite_get_version (const cipher_suite_st * suite)
+_gnutls_cipher_suite_is_version_supported (const cipher_suite_st * suite, 
gnutls_protocol_t version)
 {
   int ret = 0;
-  GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->version);
+  GNUTLS_CIPHER_SUITE_ALG_LOOP ( (version >= p->min_version && version <= 
p->max_version)?(ret=1):(ret=0));
   return ret;
 }
 
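Review bot: `_gnutls_cipher_suite_is_version_supported` now returns a 0/1 flag but is still declared `gnutls_protocol_t`, here and in the prototype in lib/gnutls_algorithms.h, so the type invites callers to compare the result with a protocol constant. Declare it `int` in both places, and write the loop body as `GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = (version >= p->min_version && version <= p->max_version));` instead of assigning inside both arms of a ternary. `ret` starts at 0, so a suite that the loop macro (defined outside the hunk) does not match is presumably reported as unsupported; that is the safe default and deserves a one-line comment such as `/* unknown suites are treated as unsupported */`.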
@@ -1407,7 +1408,7 @@ gnutls_cipher_suite_info (size_t idx,
                          gnutls_kx_algorithm_t * kx,
                          gnutls_cipher_algorithm_t * cipher,
                          gnutls_mac_algorithm_t * mac,
-                         gnutls_protocol_t * version)
+                         gnutls_protocol_t * min_version)
 {
   if (idx >= CIPHER_SUITES_COUNT)
     return NULL;
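Review bot: The out-parameter of `gnutls_cipher_suite_info` is renamed to `min_version` in this hunk and the next one, but the function's documentation comment lies outside both and presumably still describes `@version`. It should say that the value is the lowest protocol version the suite is valid for and that the upper bound is not reported, e.g. `@min_version: output variable indicating the minimum TLS protocol version the suite may be used with, or NULL`. A caller that lists suites per protocol from this value alone would still show `GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5` for TLS 1.1 and later, so the limitation is worth stating in the docs.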
@@ -1420,8 +1421,8 @@ gnutls_cipher_suite_info (size_t idx,
     *cipher = cs_algorithms[idx].block_algorithm;
   if (mac)
     *mac = cs_algorithms[idx].mac_algorithm;
-  if (version)
-    *version = cs_algorithms[idx].version;
+  if (min_version)
+    *min_version = cs_algorithms[idx].min_version;
 
   return cs_algorithms[idx].name + sizeof ("GNU") - 1;
 }
@@ -1670,7 +1671,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
       /* remove cipher suites which do not support the
        * protocol version used.
        */
-      if (_gnutls_cipher_suite_get_version (&tmp_ciphers[i]) > version)
+      if (_gnutls_cipher_suite_is_version_supported (&tmp_ciphers[i], version) 
== 0)
        continue;
 
       if (_gnutls_kx_priority
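Review bot: A suite outside its version range can presumably still be agreed on if `version` here (set above the hunk) is not the finally negotiated protocol version, because this filter is the only caller of the new range check visible in the diff. It is worth confirming that the suite selected during the handshake is checked again with `_gnutls_cipher_suite_is_version_supported` once the protocol version is fixed. As a matter of style, the predicate reads better negated than compared with zero: `if (!_gnutls_cipher_suite_is_version_supported (&tmp_ciphers[i], version))`. The function body continues on both sides of the hunk.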
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 34df282..2a0f76c 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -68,8 +68,8 @@ gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const 
cipher_suite_st
 gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
                                                          cipher_suite_st *
                                                          algorithm);
-gnutls_protocol_t _gnutls_cipher_suite_get_version (const cipher_suite_st *
-                                                   algorithm);
+gnutls_protocol_t _gnutls_cipher_suite_is_version_supported (const 
cipher_suite_st *
+                                                   algorithm, 
gnutls_protocol_t);
 cipher_suite_st _gnutls_cipher_suite_get_suite_name (cipher_suite_st *
                                                     algorithm);
 
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 26a979d..9754d40 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -497,8 +497,10 @@ extern "C" {
       GNUTLS_TLS1 = GNUTLS_TLS1_0,
       GNUTLS_TLS1_1 = 3,
       GNUTLS_TLS1_2 = 4,
+      GNUTLS_TLS_END_VERSION,
       GNUTLS_VERSION_UNKNOWN = 0xff
     } gnutls_protocol_t;
+#define GNUTLS_TLS_MAX_VERSION (GNUTLS_TLS_END_VERSION-1)
 
   /**
    * gnutls_certificate_type_t:
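Review bot: `GNUTLS_TLS_END_VERSION` becomes part of the public `gnutls_protocol_t` enum with no comment saying it is a sentinel and not a protocol, and `GNUTLS_TLS_MAX_VERSION` relies on it staying directly after the newest version. Suggest `/* sentinel, not a protocol: keep immediately after the newest version */` on the enumerator and `/* newest protocol version known to this header */` above the macro, with the expansion spaced as `(GNUTLS_TLS_END_VERSION - 1)`. The enum's documentation block is outside the hunk and, if it lists the enumerators, needs the new one too.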
diff --git a/src/serv-gaa.c b/src/serv-gaa.c
index 3bab62d..3f762ef 100644
--- a/src/serv-gaa.c
+++ b/src/serv-gaa.c
@@ -126,7 +126,7 @@ void gaa_help(void)
 {
        printf("GNU TLS test server\nUsage: gnutls-serv [options]\n\n\n");
        __gaa_helpsingle('d', "debug", "integer ", "Enable debugging");
-       __gaa_helpsingle('g', "generate", "", "Generate Diffie-Hellman 
Parameters.");
+       __gaa_helpsingle('g', "generate", "", "Generate Diffie-Hellman and 
RSA-EXPORT Parameters.");
        __gaa_helpsingle('p', "port", "integer ", "The port to connect to.");
        __gaa_helpsingle('q', "quiet", "", "Suppress some messages.");
        __gaa_helpsingle(0, "nodb", "", "Does not use the resume database.");
@@ -505,12 +505,31 @@ static int gaa_getint(char *arg)
     return tmp;
 }
 
+static char gaa_getchar(char *arg)
+{
+    if(strlen(arg) != 1)
+    {
+        printf("Option %s: '%s' isn't an character\n", gaa_current_option, 
arg);
+        GAAERROR(-1);
+    }
+    return arg[0];
+}
 
 static char* gaa_getstr(char *arg)
 {
     return arg;
 }
-
+static float gaa_getfloat(char *arg)
+{
+    float tmp;
+    char a;
+    if(sscanf(arg, "%f%c", &tmp, &a) < 1)
+    {
+        printf("Option %s: '%s' isn't a float number\n", gaa_current_option, 
arg);
+        GAAERROR(-1);
+    }
+    return tmp;
+}
 /* option structures */
 
 struct GAAOPTION_priority 
@@ -1161,19 +1180,16 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
 int gaa(int argc, char **argv, gaainfo *gaaval)
 {
     int tmp1, tmp2;
-    int l;
-    size_t i, j, k;
+    int i, j, k;
     char *opt_list;
 
-    i = 0;
-
     GAAargv = argv;
     GAAargc = argc;
 
     opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1);
 
-    for(l = 0; l < GAA_NB_OPTION + 1; l++)
-        opt_list[l] = 0;
+    for(i = 0; i < GAA_NB_OPTION + 1; i++)
+        opt_list[i] = 0;
     /* initialization */
     if(inited == 0)
     {
@@ -1200,27 +1216,27 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
       gaa_arg_used = gaa_malloc(argc * sizeof(char));
     }
 
-    for(l = 1; l < argc; l++)
-        gaa_arg_used[l] = 0;
-    for(l = 1; l < argc; l++)
+    for(i = 1; i < argc; i++)
+        gaa_arg_used[i] = 0;
+    for(i = 1; i < argc; i++)
     {
-        if(gaa_arg_used[l] == 0)
+        if(gaa_arg_used[i] == 0)
         {
             j = 0;
-            tmp1 = gaa_is_an_argument(GAAargv[l]);
+            tmp1 = gaa_is_an_argument(GAAargv[i]);
             switch(tmp1)
             {
             case GAA_WORD_OPTION:
                 j++;
             case GAA_LETTER_OPTION:
                 j++;
-                tmp2 = gaa_get_option_num(argv[l]+j, tmp1);
+                tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
                 if(tmp2 == GAA_ERROR_NOMATCH)
                 {
-                    printf("Invalid option '%s'\n", argv[l]+j);
+                    printf("Invalid option '%s'\n", argv[i]+j);
                     return 0;
                 }
-                switch(gaa_try(tmp2, l+1, gaaval, opt_list))
+                switch(gaa_try(tmp2, i+1, gaaval, opt_list))
                 {
                 case GAA_ERROR_NOTENOUGH_ARGS:
                     printf("'%s': not enough arguments\n",gaa_current_option);
@@ -1233,18 +1249,18 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
                 default:
                     printf("Unknown error\n");
                 }
-                gaa_arg_used[l] = 1;
+                gaa_arg_used[i] = 1;
                 break;
             case GAA_MULTIPLE_OPTION:
-                for(j = 1; j < strlen(argv[l]); j++)
+                for(j = 1; j < strlen(argv[i]); j++)
                 {
-                    tmp2 = gaa_get_option_num(argv[l]+j, tmp1);
+                    tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
                     if(tmp2 == GAA_ERROR_NOMATCH)
                     {
-                        printf("Invalid option '%c'\n", *(argv[l]+j));
+                        printf("Invalid option '%c'\n", *(argv[i]+j));
                         return 0;
                     }
-                    switch(gaa_try(tmp2, l+1, gaaval, opt_list))
+                    switch(gaa_try(tmp2, i+1, gaaval, opt_list))
                     {
                     case GAA_ERROR_NOTENOUGH_ARGS:
                         printf("'%s': not enough 
arguments\n",gaa_current_option);
@@ -1258,7 +1274,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
                         printf("Unknown error\n");
                     }
                 }
-                gaa_arg_used[l] = 1;
+                gaa_arg_used[i] = 1;
                 break;
             default: break;
             }
@@ -1285,9 +1301,9 @@ if(gaa_processing_file == 0)
     }
 #endif
 }
-    for(l = 1; l < argc; l++)
+    for(i = 1; i < argc; i++)
     {
-        if(gaa_arg_used[l] == 0)
+        if(gaa_arg_used[i] == 0)
         {
             printf("Too many arguments\n");
             return 0;
@@ -1338,7 +1354,7 @@ static int gaa_internal_get_next_str(FILE *file, 
gaa_str_node *tmp_str, int argc
 
         len++;
         a = fgetc( file);
-        if(a==EOF) return 0; /* a = ' '; */
+        if(a==EOF) return 0; //a = ' ';
     }
 
     len += 1;
diff --git a/src/serv.gaa b/src/serv.gaa
index c216e00..474542d 100644
--- a/src/serv.gaa
+++ b/src/serv.gaa
@@ -13,7 +13,7 @@ helpnode "GNU TLS test server\nUsage: gnutls-serv 
[options]\n\n"
 option (d, debug) INT "integer" { $debug = $1 } "Enable debugging" 
 
 #int generate;
-option (g, generate) { $generate = 1 } "Generate Diffie-Hellman Parameters."
+option (g, generate) { $generate = 1 } "Generate Diffie-Hellman and RSA-EXPORT 
Parameters."
 
 #int port;
 option (p, port) INT "integer" { $port = $1 } "The port to connect to."


hooks/post-receive
-- 
GNU gnutls



