[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-62-g2a5f15c


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-62-g2a5f15c
Date: Tue, 22 May 2012 07:20:17 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2a5f15cc214793b8bdea578db02acd25361fa9ee

The branch, master has been updated
       via  2a5f15cc214793b8bdea578db02acd25361fa9ee (commit)
       via  e9e8f551b7b101e8520f3fb6e26ba2519c70f488 (commit)
       via  e3f90ae0ffdf6e23f5ea031df84bdb588967c4c5 (commit)
      from  bcdf79aea10f3f30817ce0b3e9b29dab435219c6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2a5f15cc214793b8bdea578db02acd25361fa9ee
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 19 12:03:42 2012 +0200

    Added text for gnutls_dh_set_prime_bits and gnutls_srp_set_prime_bits

commit e9e8f551b7b101e8520f3fb6e26ba2519c70f488
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 19 11:56:08 2012 +0200

    Document the effect of lowering the DH bits.

commit e3f90ae0ffdf6e23f5ea031df84bdb588967c4c5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon May 14 17:56:54 2012 +0200

    Print certificate if --print-cert is given, even on verification failure.

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-gtls-app.texi |    4 +++-
 lib/gnutls_ui.c       |    4 ++++
 src/cli.c             |    1 +
 src/common.c          |   10 ++++++----
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 062e1b5..605c3ca 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1351,4 +1351,6 @@ Those functions will convert a human understandable 
security parameter
 of @code{gnutls_sec_param_t} type, to a number of bits suitable for a public 
 key algorithm.
 
-
+The following functions will set the minimum acceptable group size for 
Diffie-Hellman
+and SRP authentication. 
address@hidden,gnutls_srp_set_prime_bits}
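Review bot: The added manual paragraph describes the two setters only as setting "the minimum acceptable group size" and omits both caveats that the same push puts in the lib/gnutls_ui.c doc comment: that gnutls_dh_set_prime_bits has no effect on the server side, and that values lower than 512 bits may allow decryption of the exchanged data. Someone reading the manual rather than the API reference would miss both, so I'd add a sentence here that repeats them. The line "+and SRP authentication. " also ends in trailing whitespace.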
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index ed081a3..4a44dc6 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -84,12 +84,16 @@ int gnutls_random_art (gnutls_random_art_t type,
  * a server sends a prime with less bits than that
  * %GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the handshake.
  *
+ * Note that values lower than 512 bits may allow decryption of the
+ * exchanged data.
+ *
  * This function has no effect in server side.
  *
  **/
 void
 gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits)
 {
+  if (bits <= 512) _gnutls_audit_log(session, "Note that the security level of 
the Diffie-Hellman key exchange has been lowered to %u bits and this may allow 
decryption of the session data\n", bits);
   session->internals.dh_prime_bits = bits;
 }
 
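Review bot: The doc comment and the check in gnutls_dh_set_prime_bits disagree on the boundary: the comment warns about "values lower than 512 bits", while the code logs on "bits <= 512", so a caller passing exactly 512 gets the audit message although the documentation does not cover that value. Pick one boundary and use it in both places. The message also says the level "has been lowered", but the function only sees the new value and not the previous one, so it will say that even when the caller is raising the setting from a smaller number; "has been set to %u bits" would be accurate. The if and the call with its long string share one line; putting the call on its own line would match the formatting of the rest of the function.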
diff --git a/src/cli.c b/src/cli.c
index 03848ca..b9368dc 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1288,6 +1288,7 @@ do_handshake (socket_st * socket)
     }
   else
     {
+      print_cert_info (socket->session, verbose, print_cert);
       gnutls_alert_send_appropriate (socket->session, ret);
       shutdown (socket->fd, SHUT_RDWR);
     }
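Review bot: In the failure branch of do_handshake the new print_cert_info call runs before gnutls_alert_send_appropriate and shutdown, so the alert to the peer is held back while the certificate is printed, and nothing in this branch marks the output as coming from a handshake that was rejected. I'd send the alert first and print afterwards, and print a line before the certificate saying the handshake failed, so that someone copying the output does not take the certificate as verified. The call is also not guarded by print_cert at this call site; the visible start of print_cert_info in src/common.c prints "- Server has requested a certificate." without looking at print_cert, so that line can now appear on failure even without --print-cert.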
diff --git a/src/common.c b/src/common.c
index b61bc0f..c2f30a0 100644
--- a/src/common.c
+++ b/src/common.c
@@ -651,9 +651,7 @@ print_info (gnutls_session_t session, int print_cert)
                 }
           }
 
-          print_cert_info (session, 
-                           
verbose?GNUTLS_CRT_PRINT_FULL:GNUTLS_CRT_PRINT_COMPACT, 
-                           print_cert);
+          print_cert_info (session, verbose, print_cert);
 
           if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
               print_dh_info (session, "Ephemeral ", verbose);
@@ -712,8 +710,12 @@ print_info (gnutls_session_t session, int print_cert)
 }
 
 void
-print_cert_info (gnutls_session_t session, int flag, int print_cert)
+print_cert_info (gnutls_session_t session, int verbose, int print_cert)
 {
+int flag;
+
+    if (verbose) flag = GNUTLS_CRT_PRINT_FULL;
+    else flag = GNUTLS_CRT_PRINT_COMPACT;
 
     if (gnutls_certificate_client_get_request_status (session) != 0)
         printf ("- Server has requested a certificate.\n");
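Review bot: The second parameter of print_cert_info changes meaning from a GNUTLS_CRT_PRINT_* value to a boolean while staying a plain int, so any caller not updated in this push that still passes GNUTLS_CRT_PRINT_FULL or GNUTLS_CRT_PRINT_COMPACT will compile without a warning and be read as a truth value. The summary of changes lists four files and no header, so please check that the prototype's parameter name and every other caller were updated. Style: "int flag;" sits at column 0 while the body is indented, and the if/else could be the single assignment flag = verbose ? GNUTLS_CRT_PRINT_FULL : GNUTLS_CRT_PRINT_COMPACT; which is the expression the removed call site used.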


hooks/post-receive
-- 
GNU gnutls


