author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-02 19:00:34 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-02 19:00:34 +0000 |
commit | 034a6b59b8bc6983a414ec94b18fc3d2c23f8677 (patch) | |
tree | 63caaf8851117b00faad0ccd2eb4c04f2eb206c5 | |
parent | 7f3662750ef4941e9e75647dcfb2634c7cc8aa33 (diff) | |
download | gnutls-034a6b59b8bc6983a414ec94b18fc3d2c23f8677.tar.gz |
subjectAltName related fixes
-rw-r--r-- | lib/gnutls_cert.c | 4 | ||||
-rw-r--r-- | src/cli.c | 9 |
2 files changed, 8 insertions, 5 deletions
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 3d2fa568a6..fcebcb6060 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -939,7 +939,7 @@ int _gnutls_cert_supported_kx(gnutls_cert * cert, KXAlgorithm ** alg,
 }
 /* finds a certificate in the cert list that contains
- * common_name field similar to name
+ * common_name (or subjectAltName) field similar to name
 */
 gnutls_cert *_gnutls_find_cert(gnutls_cert ** cert_list,
 int cert_list_length, char *name)
@@ -949,7 +949,7 @@ gnutls_cert *_gnutls_find_cert(gnutls_cert ** cert_list,
 for (i = 0; i < cert_list_length; i++) {
 if (cert_list[i][0].cert_info.common_name[0] != 0) {
- if (strcmp(cert_list[i][0].cert_info.common_name, name) == 0) {
+ if (strcasecmp(cert_list[i][0].cert_info.common_name, name) == 0 || strcasecmp(cert_list[i][0].subjectAltName, name) == 0) {
 cert = &cert_list[i][0];
 break;
 }
@@ -170,7 +170,7 @@ int main(int argc, char** argv)
 gnutls_init(&state, GNUTLS_CLIENT);
 gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_set_cipher_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
+ gnutls_set_cipher_priority( state, GNUTLS_ARCFOUR, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
 gnutls_set_compression_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
 gnutls_set_kx_priority( state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
 gnutls_set_mac_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
@@ -179,7 +179,10 @@ int main(int argc, char** argv)
 gnutls_set_cred( state, GNUTLS_SRP, cred);
 gnutls_set_cred( state, GNUTLS_X509PKI, xcred);
-// gnutls_ext_set_dnsname( state, "localhost");
+/* This TLS extension may break old implementations.
+ *
+ * gnutls_ext_set_dnsname( state, "localhost");
+ */
 ret = gnutls_handshake(sd, state);
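Review bot: The added `strcasecmp` on `subjectAltName` in the hunk at -949,7 sits inside the existing `common_name[0] != 0` guard, so a certificate that carries a subjectAltName but an empty common name is still never returned by `_gnutls_find_cert`. Each field should be tested on its own, replacing the outer guard with one condition such as `if ((cert_list[i][0].cert_info.common_name[0] != 0 && strcasecmp(cert_list[i][0].cert_info.common_name, name) == 0) || (cert_list[i][0].subjectAltName[0] != 0 && strcasecmp(cert_list[i][0].subjectAltName, name) == 0)) {`. The declaration of `subjectAltName` is not visible here, so this assumes it is a character array like `common_name`; if it is a pointer it needs a null check before `strcasecmp`. The function starts before and continues after the hunk.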
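Review bot: `GNUTLS_ARCFOUR` is added at the head of the cipher list in `main` (the hunk at -170,7, in src/cli.c going by the diffstat), so if the list is in preference order, as the call name suggests, this client now offers RC4 ahead of 3DES and Rijndael. RC4 has known keystream biases and RFC 7465 prohibits it in TLS, so it belongs last with a comment saying why it is kept, e.g. `gnutls_set_cipher_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, GNUTLS_ARCFOUR, 0);`, or left out altogether. The same applies to the cipher list in the hunk at -222,7. The commit title mentions only subjectAltName, so the cipher change deserves its own line in the description. `main` continues outside both hunks.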
@@ -222,7 +225,7 @@ int main(int argc, char** argv)
 gnutls_init(&state, GNUTLS_CLIENT);
 gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_set_cipher_priority( state, GNUTLS_3DES_CBC, GNUTLS_TWOFISH_CBC, GNUTLS_RIJNDAEL_CBC, 0);
+ gnutls_set_cipher_priority( state, GNUTLS_ARCFOUR, GNUTLS_3DES_CBC, GNUTLS_TWOFISH_CBC, GNUTLS_RIJNDAEL_CBC, 0);
 gnutls_set_compression_priority( state, GNUTLS_NULL_COMPRESSION, 0);
 gnutls_set_kx_priority( state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0); |