authorAndrew McDonald <admcd@gnutls.org>2002-06-21 21:43:36 +0000
committerAndrew McDonald <admcd@gnutls.org>2002-06-21 21:43:36 +0000
commitf31648e2d129b96f4df43a71695e9d31d0f6deba (patch)
treecf20be3f29b619f2430988611f9d75e0f2f108cd
parenta341d0d733a5ccb6be6f41e7048575dd5162f164 (diff)
downloadgnutls-f31648e2d129b96f4df43a71695e9d31d0f6deba.tar.gz
changes to the way SSL_CIPHER allocation is handled
make use of option SSL_OP_NO_TLSv1
-rw-r--r--libextra/gnutls_openssl.c43
-rw-r--r--libextra/openssl.h26
2 files changed, 45 insertions, 24 deletions
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index 601e547bd1..b61c3be822 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -20,7 +20,7 @@
#include <gcrypt.h>
#include <stdio.h>
#include <stdlib.h>
-#include "gnutls-openssl.h"
+#include "openssl.h"
static int last_error = 0;
@@ -135,7 +135,7 @@ SSL *SSL_new(SSL_CTX *ctx)
if (ctx->keyfile)
gnutls_certificate_set_x509_key_file(ssl->gnutls_cred, ctx->certfile,
ctx->keyfile, ctx->keyfile_type);
-
+ ssl->ctx = ctx;
ssl->verify_mode = ctx->verify_mode;
ssl->verify_callback = ctx->verify_callback;
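Review bot: `ssl->ctx = ctx;` stores a borrowed pointer with no visible ownership or reference count, and the SSL_connect hunk in this commit later dereferences `ssl->ctx->method`. If an application releases the SSL_CTX after SSL_new but before SSL_connect, that dereference would be a use-after-free; SSL_CTX_free is not visible here, so this needs confirming. Either document the lifetime rule on the new `ctx` member added in the `typedef struct _SSL` hunk of openssl.h, e.g. `/* borrowed: the SSL_CTX must outlive this SSL */`, or copy the protocol priority list into the SSL in SSL_new. SSL_new's body starts and ends outside the hunk.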
@@ -197,6 +197,26 @@ int SSL_connect(SSL *ssl)
X509_STORE_CTX *store;
int cert_list_size = 0;
int err;
+ int i, j;
+ int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
+ /* take options into account before connecting */
+
+ if (ssl->options & SSL_OP_NO_TLSv1)
+ {
+ for (i=0, j=0;
+ i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0;
+ i++, j++)
+ {
+ if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
+ j++;
+ else
+ x_priority[i] = ssl->ctx->method->protocol_priority[j];
+ }
+ if (i < GNUTLS_MAX_ALGORITHM_NUM)
+ x_priority[i] = 0;
+ gnutls_protocol_set_priority (ssl->gnutls_state,
+ ssl->ctx->method->protocol_priority);
+ }
err = gnutls_handshake(ssl->gnutls_state);
ssl->last_error = err;
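Review bot: SSL_OP_NO_TLSv1 has no effect as written, because the final call passes `ssl->ctx->method->protocol_priority` to gnutls_protocol_set_priority instead of the filtered `x_priority`, so TLS 1.0 stays enabled for a caller who asked to disable it. The loop that builds `x_priority` is also unsound: its condition reads `x_priority[i]` before anything has been stored there (an uninitialised automatic array), `j` advances twice when GNUTLS_TLS1 is found, and that iteration leaves `x_priority[i]` unwritten. The loop should terminate on the source list, copy with separate read and write indices, and hand the copy to GnuTLS, as below. The bound assumes protocol_priority holds at most GNUTLS_MAX_ALGORITHM_NUM entries, which the hunk does not show. SSL_connect's body starts and ends outside the hunk.

```c
    if (ssl->options & SSL_OP_NO_TLSv1)
    {
        /* j reads the method's list, i writes the filtered copy;
           stopping j one short of the limit leaves room for the terminator */
        for (i = 0, j = 0;
             j < GNUTLS_MAX_ALGORITHM_NUM - 1
                 && ssl->ctx->method->protocol_priority[j] != 0;
             j++)
        {
            if (ssl->ctx->method->protocol_priority[j] != GNUTLS_TLS1)
                x_priority[i++] = ssl->ctx->method->protocol_priority[j];
        }
        x_priority[i] = 0;
        gnutls_protocol_set_priority (ssl->gnutls_state, x_priority);
    }
    /* … unchanged: gnutls_handshake call and last_error assignment … */
```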
@@ -314,20 +334,17 @@ SSL_METHOD *SSLv23_client_method(void)
SSL_CIPHER *SSL_get_current_cipher(SSL *ssl)
{
- SSL_CIPHER *sslc;
-
- sslc = (SSL_CIPHER *)calloc(1, sizeof(SSL_CIPHER));
- if (!sslc)
+ if (!ssl)
return NULL;
- sslc->version = gnutls_protocol_get_version(ssl->gnutls_state);
- sslc->cipher = gnutls_cipher_get(ssl->gnutls_state);
- sslc->kx = gnutls_kx_get(ssl->gnutls_state);
- sslc->mac = gnutls_mac_get(ssl->gnutls_state);
- sslc->compression = gnutls_compression_get(ssl->gnutls_state);
- sslc->cert = gnutls_cert_type_get(ssl->gnutls_state);
+ ssl->ciphersuite.version = gnutls_protocol_get_version(ssl->gnutls_state);
+ ssl->ciphersuite.cipher = gnutls_cipher_get(ssl->gnutls_state);
+ ssl->ciphersuite.kx = gnutls_kx_get(ssl->gnutls_state);
+ ssl->ciphersuite.mac = gnutls_mac_get(ssl->gnutls_state);
+ ssl->ciphersuite.compression = gnutls_compression_get(ssl->gnutls_state);
+ ssl->ciphersuite.cert = gnutls_cert_type_get(ssl->gnutls_state);
- return sslc;
+ return &(ssl->ciphersuite);
}
const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher)
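Review bot: SSL_get_current_cipher now returns a pointer into `ssl` itself, which changes ownership for callers, and nothing on the function says so. Code written against the previous version that calls free() on the result would now free an interior pointer. The result also becomes invalid once the SSL is freed and is overwritten by the next call. A header comment would make this explicit: `/* Returns a pointer owned by ssl; do not free. Valid until ssl is freed; contents are refreshed on every call. */`.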
diff --git a/libextra/openssl.h b/libextra/openssl.h
index 713689afbf..7f0813d790 100644
--- a/libextra/openssl.h
+++ b/libextra/openssl.h
@@ -30,7 +30,7 @@
#define OPENSSL_VERSION_NUMBER (0x0090604F)
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
-#define OPENSSL_VERSION_TEXT ("GNUTLS " LIBGNUTLS_VERSION)
+#define OPENSSL_VERSION_TEXT ("GNUTLS " LIBGNUTLS_VERSION " ")
#define SSL_ERROR_NONE (0)
#define SSL_ERROR_SSL (1)
@@ -69,6 +69,16 @@ typedef struct
typedef struct
{
+ GNUTLS_Version version;
+ GNUTLS_BulkCipherAlgorithm cipher;
+ GNUTLS_KXAlgorithm kx;
+ GNUTLS_MACAlgorithm mac;
+ GNUTLS_CompressionMethod compression;
+ GNUTLS_CertificateType cert;
+} SSL_CIPHER;
+
+typedef struct
+{
struct _SSL *ssl;
int error;
gnutls_datum *cert_list;
@@ -94,6 +104,10 @@ typedef struct _SSL
GNUTLS_STATE gnutls_state;
#define rbio gnutls_state
GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS gnutls_cred;
+
+ SSL_CTX *ctx;
+ SSL_CIPHER ciphersuite;
+
int last_error;
int shutdown;
int state;
@@ -105,16 +119,6 @@ typedef struct _SSL
typedef struct
{
- GNUTLS_Version version;
- GNUTLS_BulkCipherAlgorithm cipher;
- GNUTLS_KXAlgorithm kx;
- GNUTLS_MACAlgorithm mac;
- GNUTLS_CompressionMethod compression;
- GNUTLS_CertificateType cert;
-} SSL_CIPHER;
-
-typedef struct
-{
GCRY_MD_HD handle;
} MD_CTX;