[Emacs-diffs] emacs-26 21a212f: Collect GnuTLS extensions and use them t
From: |
Teodor Zlatanov |
Subject: |
[Emacs-diffs] emacs-26 21a212f: Collect GnuTLS extensions and use them to set %DUMBFW if supported |
Date: |
Tue, 19 Dec 2017 12:44:15 -0500 (EST) |
branch: emacs-26
commit 21a212f9e256a05a0fc67260d338d612cba77266
Author: Ted Zlatanov <address@hidden>
Commit: Ted Zlatanov <address@hidden>
Collect GnuTLS extensions and use them to set %DUMBFW if supported
* lisp/net/gnutls.el (gnutls-boot-parameters): Use the GnuTLS extension
list to set %DUMBFW only when it's supported as "ClientHello Padding" (Bug#25061).
* src/gnutls.c (Fgnutls_available_p): Get extension names and
put them in the GnuTLS capabilities, using a hard-coded limit
of 100 since GnuTLS MAX_EXT_TYPES is not exported.
---
lisp/net/gnutls.el | 58 +++++++++++++++++++++++++++++-------------------------
src/gnutls.c | 14 ++++++++++++-
2 files changed, 44 insertions(+), 28 deletions(-)
diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el
index a406b0b..608b6cf 100644
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@@ -261,33 +261,37 @@ here's a recent version of the list.
It must be omitted, a number, or nil; if omitted or nil it
defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
- (let ((trustfiles (or trustfiles (gnutls-trustfiles)))
- (priority-string (or priority-string
- (cond
- ((eq type 'gnutls-anon)
- "NORMAL:+ANON-DH:!ARCFOUR-128:%DUMBFW")
- ((eq type 'gnutls-x509pki)
- (if gnutls-algorithm-priority
- (upcase gnutls-algorithm-priority)
- "NORMAL:%DUMBFW")))))
- (verify-error (or verify-error
- ;; this uses the value of `gnutls-verify-error'
- (cond
- ;; if t, pass it on
- ((eq gnutls-verify-error t)
- t)
- ;; if a list, look for hostname matches
- ((listp gnutls-verify-error)
- (apply 'append
- (mapcar
- (lambda (check)
- (when (string-match (nth 0 check)
- hostname)
- (nth 1 check)))
- gnutls-verify-error)))
- ;; else it's nil
- (t nil))))
- (min-prime-bits (or min-prime-bits gnutls-min-prime-bits)))
+ (let* ((trustfiles (or trustfiles (gnutls-trustfiles)))
+ (maybe-dumbfw (if (memq 'ClientHello\ Padding (gnutls-available-p))
+ ":%DUMBFW"
+ ""))
+ (priority-string (or priority-string
+ (cond
+ ((eq type 'gnutls-anon)
+ (concat "NORMAL:+ANON-DH:!ARCFOUR-128"
+ maybe-dumbfw))
+ ((eq type 'gnutls-x509pki)
+ (if gnutls-algorithm-priority
+ (upcase gnutls-algorithm-priority)
+ (concat "NORMAL" maybe-dumbfw))))))
+ (verify-error (or verify-error
+ ;; this uses the value of `gnutls-verify-error'
+ (cond
+ ;; if t, pass it on
+ ((eq gnutls-verify-error t)
+ t)
+ ;; if a list, look for hostname matches
+ ((listp gnutls-verify-error)
+ (apply 'append
+ (mapcar
+ (lambda (check)
+ (when (string-match (nth 0 check)
+ hostname)
+ (nth 1 check)))
+ gnutls-verify-error)))
+ ;; else it's nil
+ (t nil))))
+ (min-prime-bits (or min-prime-bits gnutls-min-prime-bits)))
(when verify-hostname-error
(push :hostname verify-error))
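Review bot: `maybe-dumbfw` silently becomes the empty string whenever `ClientHello\ Padding` is absent from `(gnutls-available-p)`, which covers both a GnuTLS built without the extension and any future change in the name GnuTLS reports for it; the priority string then drops the firewall workaround with no diagnostic. A comment on the binding would help the next reader: `;; %DUMBFW (ClientHello padding) is appended only when the linked GnuTLS reports the extension; its absence here is expected, not an error.` Note also that in the `gnutls-x509pki` branch a user-set `gnutls-algorithm-priority` is upcased and used as-is, so `maybe-dumbfw` is never appended for customised priorities and such users must add %DUMBFW themselves; the docstring above the hunk may want to say so. The enclosing `gnutls-boot-parameters` starts and ends outside the hunk.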
diff --git a/src/gnutls.c b/src/gnutls.c
index 4622011..8db201a 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -2415,7 +2415,10 @@ GnuTLS 3 or higher : the list will contain
`gnutls3'.
GnuTLS MACs : the list will contain `macs'.
GnuTLS digests : the list will contain `digests'.
GnuTLS symmetric ciphers: the list will contain `ciphers'.
-GnuTLS AEAD ciphers : the list will contain `AEAD-ciphers'. */)
+GnuTLS AEAD ciphers : the list will contain `AEAD-ciphers'.
+%DUMBFW : the list will contain `ClientHello\ Padding'.
+Any GnuTLS extension with ID up to 100
+ : the list will contain its name. */)
(void)
{
Lisp_Object capabilities = Qnil;
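Review bot: The docstring line `Any GnuTLS extension with ID up to 100` overstates the range: the probe loop added in the next hunk iterates `ext < 100`, so IDs 0–99 are checked and ID 100 never is. Suggest `Any GnuTLS extension with ID below 100`. The `%DUMBFW` line would also be clearer if it said the symbol is present only when the linked GnuTLS reports an extension by that name, since the Lisp side keys the priority string off it. Fgnutls_available_p's body continues outside the hunk.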
@@ -2436,6 +2439,15 @@ GnuTLS AEAD ciphers : the list will contain
`AEAD-ciphers'. */)
capabilities = Fcons (intern("macs"), capabilities);
# endif /* HAVE_GNUTLS3 */
+ for (unsigned int ext=0; ext < 100; ext++)
+ {
+ const char* name = gnutls_ext_get_name(ext);
+ if (name != NULL)
+ {
+ capabilities = Fcons (intern(name), capabilities);
+ }
+ }
+
# ifdef WINDOWSNT
Lisp_Object found = Fassq (Qgnutls, Vlibrary_cache);
if (CONSP (found))
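Review bot: The new loop calls `gnutls_ext_get_name` unconditionally, whereas the capability probes directly above it sit behind feature guards (`# endif /* HAVE_GNUTLS3 */`); a GnuTLS version that lacks this function would fail to compile, and on WINDOWSNT the bare call appears to bypass whatever dynamic-loading wrappers the rest of the file uses for the DLL — worth confirming against the top of the file, which is outside the hunk. A configure-time guard (an `HAVE_GNUTLS_EXT_GET_NAME`-style macro, name proposed here) around the loop would preserve the fallback of an empty extension list on older libraries. The bound 100 is a magic number whose rationale lives only in the commit message; a named constant keeps it with the code: `enum { GNUTLS_EXT_PROBE_LIMIT = 100 }; /* GnuTLS does not export MAX_EXT_TYPES */`. Fgnutls_available_p's body begins and ends outside the hunk.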