author | Andrew McDonald <admcd@gnutls.org> | 2002-06-21 21:43:36 +0000 |
---|---|---|
committer | Andrew McDonald <admcd@gnutls.org> | 2002-06-21 21:43:36 +0000 |
commit | f31648e2d129b96f4df43a71695e9d31d0f6deba (patch) | |
tree | cf20be3f29b619f2430988611f9d75e0f2f108cd | |
parent | a341d0d733a5ccb6be6f41e7048575dd5162f164 (diff) | |
download | gnutls-f31648e2d129b96f4df43a71695e9d31d0f6deba.tar.gz |
changes to way SSL_CIPHER allocation is handled
make use of option SSL_OP_NO_TLSv1
-rw-r--r-- | libextra/gnutls_openssl.c | 43 | ||||
-rw-r--r-- | libextra/openssl.h | 26 |
2 files changed, 45 insertions, 24 deletions
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c index 601e547bd1..b61c3be822 100644 --- a/libextra/gnutls_openssl.c +++ b/libextra/gnutls_openssl.c @@ -20,7 +20,7 @@ #include <gcrypt.h> #include <stdio.h> #include <stdlib.h> -#include "gnutls-openssl.h" +#include "openssl.h" static int last_error = 0; @@ -135,7 +135,7 @@ SSL *SSL_new(SSL_CTX *ctx) if (ctx->keyfile) gnutls_certificate_set_x509_key_file(ssl->gnutls_cred, ctx->certfile, ctx->keyfile, ctx->keyfile_type); - + ssl->ctx = ctx; ssl->verify_mode = ctx->verify_mode; ssl->verify_callback = ctx->verify_callback; @@ -197,6 +197,26 @@ int SSL_connect(SSL *ssl) X509_STORE_CTX *store; int cert_list_size = 0; int err; + int i, j; + int x_priority[GNUTLS_MAX_ALGORITHM_NUM]; + /* take options into account before connecting */ + + if (ssl->options & SSL_OP_NO_TLSv1) + { + for (i=0, j=0; + i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; + i++, j++) + { + if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1) + j++; + else + x_priority[i] = ssl->ctx->method->protocol_priority[j]; + } + if (i < GNUTLS_MAX_ALGORITHM_NUM) + x_priority[i] = 0; + gnutls_protocol_set_priority (ssl->gnutls_state, + ssl->ctx->method->protocol_priority); + } err = gnutls_handshake(ssl->gnutls_state); ssl->last_error = err; 
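Review bot: `ssl->ctx = ctx;` in SSL_new stores a borrowed pointer that SSL_connect later dereferences (`ssl->ctx->method->protocol_priority`), and nothing visible here keeps the SSL_CTX alive that long. If an application frees the context after SSL_new, as OpenSSL's reference-counted contexts allow, the connect path would read freed memory; whether this layer's context-free routine permits that is outside the hunk. At minimum, add a comment on the assignment such as `/* borrowed: ctx must outlive ssl, it is read again in SSL_connect */`, or copy the method's priority list into the SSL at creation. SSL_new's body starts and ends outside the hunk.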
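Review bot: The SSL_OP_NO_TLSv1 branch in SSL_connect never applies the filtered list: the final `gnutls_protocol_set_priority` call passes `ssl->ctx->method->protocol_priority` instead of `x_priority`, so a caller that sets the option still offers TLS 1.0. The loop that builds `x_priority` also tests `x_priority[i] != 0` on an uninitialised local array. On a TLS 1.0 entry it advances `j` twice and leaves `x_priority[i]` unwritten, so it skips the following entry and can index past the source list. The rewrite below reads the source list with one index, writes every non-TLS1 entry with the other, terminates the copy and passes it on. It assumes the method's list is zero-terminated and no longer than GNUTLS_MAX_ALGORITHM_NUM, which the hunk does not show; SSL_connect's body continues outside the hunk.

```c
    if (ssl->options & SSL_OP_NO_TLSv1)
    {
        /* copy the method's list without TLS 1.0; i reads, j writes */
        for (i=0, j=0;
             i < GNUTLS_MAX_ALGORITHM_NUM - 1
                 && ssl->ctx->method->protocol_priority[i] != 0;
             i++)
        {
            if (ssl->ctx->method->protocol_priority[i] != GNUTLS_TLS1)
                x_priority[j++] = ssl->ctx->method->protocol_priority[i];
        }
        x_priority[j] = 0;
        gnutls_protocol_set_priority (ssl->gnutls_state, x_priority);
    }
    /* … unchanged: gnutls_handshake call and error handling … */
```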
@@ -314,20 +334,17 @@ SSL_METHOD *SSLv23_client_method(void) SSL_CIPHER *SSL_get_current_cipher(SSL *ssl) { - SSL_CIPHER *sslc; - - sslc = (SSL_CIPHER *)calloc(1, sizeof(SSL_CIPHER)); - if (!sslc) + if (!ssl) return NULL; - sslc->version = gnutls_protocol_get_version(ssl->gnutls_state); - sslc->cipher = gnutls_cipher_get(ssl->gnutls_state); - sslc->kx = gnutls_kx_get(ssl->gnutls_state); - sslc->mac = gnutls_mac_get(ssl->gnutls_state); - sslc->compression = gnutls_compression_get(ssl->gnutls_state); - sslc->cert = gnutls_cert_type_get(ssl->gnutls_state); + ssl->ciphersuite.version = gnutls_protocol_get_version(ssl->gnutls_state); + ssl->ciphersuite.cipher = gnutls_cipher_get(ssl->gnutls_state); + ssl->ciphersuite.kx = gnutls_kx_get(ssl->gnutls_state); + ssl->ciphersuite.mac = gnutls_mac_get(ssl->gnutls_state); + ssl->ciphersuite.compression = gnutls_compression_get(ssl->gnutls_state); + ssl->ciphersuite.cert = gnutls_cert_type_get(ssl->gnutls_state); - return sslc; + return &(ssl->ciphersuite); } const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher) diff --git a/libextra/openssl.h b/libextra/openssl.h index 713689afbf..7f0813d790 100644 --- a/libextra/openssl.h +++ b/libextra/openssl.h @@ -30,7 +30,7 @@ #define OPENSSL_VERSION_NUMBER (0x0090604F) #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -#define OPENSSL_VERSION_TEXT ("GNUTLS " LIBGNUTLS_VERSION) +#define OPENSSL_VERSION_TEXT ("GNUTLS " LIBGNUTLS_VERSION " ") #define SSL_ERROR_NONE (0) #define SSL_ERROR_SSL (1) @@ -69,6 +69,16 @@ typedef struct typedef struct { + GNUTLS_Version version; + GNUTLS_BulkCipherAlgorithm cipher; + GNUTLS_KXAlgorithm kx; + GNUTLS_MACAlgorithm mac; + GNUTLS_CompressionMethod compression; + GNUTLS_CertificateType cert; +} SSL_CIPHER; + +typedef struct +{ struct _SSL *ssl; int error; gnutls_datum *cert_list; 
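Review bot: SSL_get_current_cipher now returns `&(ssl->ciphersuite)`, storage embedded in the SSL, where it used to return a fresh calloc block, and nothing at the function tells callers about the change of ownership. A caller written against the old behaviour that passes the result to free() would now free an interior pointer. Any pointer held across a second call or past the SSL's destruction would see overwritten or dead memory. Add a header comment such as `/* Returns a pointer into ssl; do not free it. Contents are refreshed on every call and are valid only while ssl exists. */`.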
@@ -94,6 +104,10 @@ typedef struct _SSL GNUTLS_STATE gnutls_state; #define rbio gnutls_state GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS gnutls_cred; + + SSL_CTX *ctx; + SSL_CIPHER ciphersuite; + int last_error; int shutdown; int state; @@ -105,16 +119,6 @@ typedef struct _SSL typedef struct { - GNUTLS_Version version; - GNUTLS_BulkCipherAlgorithm cipher; - GNUTLS_KXAlgorithm kx; - GNUTLS_MACAlgorithm mac; - GNUTLS_CompressionMethod compression; - GNUTLS_CertificateType cert; -} SSL_CIPHER; - -typedef struct -{ GCRY_MD_HD handle; } MD_CTX; |