some other bugfixes ported from the development branch.

8 files changed, 236 insertions, 92 deletions

diff --git a/configure.in b/configure.in
index bbe8347829..27fae7012f 100644
--- a/configure.in
+++ b/configure.in
@@ -58,7 +58,7 @@ case "${target}" in
 esac
 
 dnl In order to use the reentrant libc functions
-CFLAGS="${CFLAGS} -D_REENTRANT"
+CFLAGS="${CFLAGS} -D_REENTRANT -D_THREAD_SAFE"
 
 opt_dmalloc_mode=no
 AC_MSG_CHECKING([whether in dmalloc mode])
diff --git a/doc/tex/ex-x509-info.tex b/doc/tex/ex-x509-info.tex
index d7712861a7..9f21c6719a 100644
--- a/doc/tex/ex-x509-info.tex
+++ b/doc/tex/ex-x509-info.tex
@@ -7,10 +7,12 @@
 
 static const char* bin2hex( const void* bin, size_t bin_size)
 {
-static char printable[120];
-unsigned char *_bin;
+static char printable[110];
+unsigned char *_bin = bin;
 char* print;
 
+   if (bin_size > 50) bin_size = 50;
+
    print = printable;
    for (i = 0; i < bin_size; i++) {
       sprintf(print, "%.2x ", _bin[i]);
@@ -35,32 +37,39 @@ static void print_x509_certificate_info(gnutls_session session)
    int cert_list_size = 0;
    gnutls_x509_crt cert;
 
+   /* This function only works for X.509 certificates.
+    */
+   if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+      return;
+
    cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
 
-   if (cert_list_size > 0
-       && gnutls_certificate_type_get(session) == GNUTLS_CRT_X509) {
+   printf("Peer provided %d certificates.\n", cert_list_size);
+
+   if (cert_list_size > 0) {
 
-      /* no error checking
+      /* we only print information about the first certificate.
        */
       gnutls_x509_crt_init( &cert);
 
       gnutls_x509_crt_import( cert, &cert_list[0]);
 
-      printf(" - Certificate info:\n");
+      printf("Certificate info:\n");
 
       expiration_time = gnutls_x509_crt_get_expiration_time( cert);
       activation_time = gnutls_x509_crt_get_activation_time( cert);
 
-      printf(" - Certificate is valid since: %s", ctime(&activation_time));
-      printf(" - Certificate expires: %s", ctime(&expiration_time));
+      printf("\tCertificate is valid since: %s", ctime(&activation_time));
+      printf("\tCertificate expires: %s", ctime(&expiration_time));
 
       /* Print the serial number of the certificate.
        */
       size = sizeof(serial);
       gnutls_x509_crt_get_serial(cert, serial, &size);
 
-      printf(" - Certificate serial number: %s\n", 
-         bin2hex( serial, serial_size));
+      size = sizeof( serial);
+      printf("\tCertificate serial number: %s\n", 
+         bin2hex( serial, size));
 
       /* Extract some of the public key algorithm's parameters
        */
@@ -82,16 +91,16 @@ static void print_x509_certificate_info(gnutls_session session)
       /* Print the version of the X.509 
        * certificate.
        */
-      printf(" - Certificate version: #%d\n",
+      printf("\tCertificate version: #%d\n",
              gnutls_x509_crt_get_version( cert));
 
       size = sizeof(dn);
       gnutls_x509_crt_get_dn( cert, dn, &size);
-      printf(" - DN: %s\n", dn);
+      printf("\tDN: %s\n", dn);
 
       size = sizeof(dn);
       gnutls_x509_crt_get_issuer_dn( cert, dn, &size);
-      printf(" - Certificate Issuer's DN: %s\n", dn);
+      printf("\tIssuer's DN: %s\n", dn);
 
       gnutls_x509_crt_deinit( cert);
 
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index cd790c9640..6a1fc387d0 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -146,7 +146,8 @@ typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY,
 
 typedef enum gnutls_close_request { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutls_close_request;
 
-typedef enum gnutls_protocol_version { GNUTLS_SSL3=1, GNUTLS_TLS1 } gnutls_protocol_version;
+#define GNUTLS_TLS1 GNUTLS_TLS1_0
+typedef enum gnutls_protocol_version { GNUTLS_SSL3=1, GNUTLS_TLS1_0 } gnutls_protocol_version;
 
 typedef enum gnutls_certificate_type { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP 
 } gnutls_certificate_type;
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index cea75de4d0..9877fc46d7 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
  *
  * This file is part of GNUTLS.
  *
@@ -30,8 +31,8 @@
 
 GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm)
 {
-	GNUTLS_MAC_HANDLE ret = NULL;
-	gcry_error_t result = 0;
+	GNUTLS_MAC_HANDLE ret;
+	gcry_error_t result;
 
 	ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
 	if (ret == NULL) {
@@ -53,8 +54,7 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm)
 		break;
 	default:
 		gnutls_assert();
-		gnutls_free( ret);
-		ret = GNUTLS_HASH_FAILED;
+		result = -1;
 	}
 
 	if (result) {
@@ -124,12 +124,12 @@ void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void *digest)
 	opaque *mac;
 	int maclen;
 
-	maclen = gcry_md_get_algo_dlen(gcry_md_get_algo(handle->handle));
+	maclen = _gnutls_hash_get_algo_len( handle->algorithm);
+
 	gcry_md_final(handle->handle);
 	mac = gcry_md_read(handle->handle, 0);
 	if (digest != NULL)
-		memcpy(digest, mac,
-		       _gnutls_hash_get_algo_len(handle->algorithm));
+		memcpy(digest, mac, maclen);
 
 	gcry_md_close(handle->handle);
 
@@ -141,7 +141,7 @@ GNUTLS_MAC_HANDLE _gnutls_hmac_init(gnutls_mac_algorithm algorithm,
 				    const void *key, int keylen)
 {
 	GNUTLS_MAC_HANDLE ret;
-	gcry_error_t result = 0;
+	gcry_error_t result;
 
 	ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
 	if (ret == NULL)
@@ -158,12 +158,15 @@ GNUTLS_MAC_HANDLE _gnutls_hmac_init(gnutls_mac_algorithm algorithm,
 		result = gcry_md_open(&ret->handle, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC);
 		break;
 	default:
-		gnutls_free(ret);
-		ret = GNUTLS_MAC_FAILED;
+		gnutls_assert();
+		result = -1;
 	}
 
-	if (result)
+	if (result) {
+		gnutls_assert();
+		gnutls_free(ret);
 		ret = GNUTLS_MAC_FAILED;
+	}
 
 	if (ret != GNUTLS_MAC_FAILED) {
 		gcry_md_setkey(ret->handle, key, keylen);
@@ -176,26 +179,12 @@ GNUTLS_MAC_HANDLE _gnutls_hmac_init(gnutls_mac_algorithm algorithm,
 	return ret;
 }
 
-
-int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm)
-{
-	return _gnutls_hash_get_algo_len( algorithm);
-}
-
-int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void *text, size_t textlen)
-{
-
-	gcry_md_write(handle->handle, text, textlen);
-	return 0;
-
-}
-
 void _gnutls_hmac_deinit(GNUTLS_MAC_HANDLE handle, void *digest)
 {
 	opaque *mac;
 	int maclen;
 
-	maclen = gcry_md_get_algo_dlen(gcry_md_get_algo(handle->handle));
+	maclen = _gnutls_hash_get_algo_len( handle->algorithm);
 
 	gcry_md_final(handle->handle);
 	mac = gcry_md_read(handle->handle, 0);
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 9a106b0989..eee1db96f3 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -38,8 +38,8 @@ typedef GNUTLS_MAC_HANDLE GNUTLS_HASH_HANDLE;
 #define GNUTLS_MAC_FAILED NULL
 
 GNUTLS_MAC_HANDLE _gnutls_hmac_init( gnutls_mac_algorithm algorithm, const void* key, int keylen);
-int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm);
-int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void* text, size_t textlen);
+#define _gnutls_hmac_get_algo_len _gnutls_hash_get_algo_len
+#define _gnutls_hmac _gnutls_hash
 void _gnutls_hmac_deinit( GNUTLS_MAC_HANDLE handle, void* digest);
 
 GNUTLS_MAC_HANDLE _gnutls_mac_init_ssl3( gnutls_mac_algorithm algorithm, void* key, int keylen);
diff --git a/lib/x509/dsa.c b/lib/x509/dsa.c
new file mode 100644
index 0000000000..6d2f25b72f
--- /dev/null
+++ b/lib/x509/dsa.c
@@ -0,0 +1,125 @@
+/*
+ *  Copyright (C) 2003 Nikos Mavroyanopoulos
+ *  Copyright (C) 2004 Free Software Foundation
+ *
+ *  This file is part of GNUTLS.
+ *
+ *  The GNUTLS library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public   
+ *  License as published by the Free Software Foundation; either 
+ *  version 2.1 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of 
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ *
+ */
+
+/* This file contains code for DSA keys.
+ */
+ 
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <debug.h>
+
+/* resarr will contain: p(0), q(1), g(2), y(3), x(4).
+ */
+int _gnutls_dsa_generate_params(GNUTLS_MPI* resarr, int* resarr_len, int bits)
+{
+
+	int ret;
+	gcry_sexp_t parms, key, list;
+
+	if (bits > 1024) {
+		gnutls_assert();
+		return GNUTLS_E_INVALID_REQUEST;
+	}
+
+	ret = gcry_sexp_build( &parms, NULL, "(genkey(dsa(nbits %d)))", bits);
+	if (ret != 0) {
+		gnutls_assert();
+		return GNUTLS_E_INTERNAL_ERROR;
+	}
+
+	/* generate the DSA key 
+	 */
+	ret = gcry_pk_genkey( &key, parms);
+	gcry_sexp_release( parms);
+
+	if (ret != 0) {
+		gnutls_assert();
+		return GNUTLS_E_INTERNAL_ERROR;
+	}
+
+       	list = gcry_sexp_find_token( key, "p", 0);
+	if (list == NULL) {
+        	gnutls_assert();
+        	gcry_sexp_release( key);
+                return GNUTLS_E_INTERNAL_ERROR;
+	}
+
+	resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
+	gcry_sexp_release(list);
+
+       	list = gcry_sexp_find_token( key, "q", 0);
+	if (list == NULL) {
+        	gnutls_assert();
+        	gcry_sexp_release( key);
+                return GNUTLS_E_INTERNAL_ERROR;
+	}
+
+	resarr[1] = gcry_sexp_nth_mpi(list, 1, 0);
+	gcry_sexp_release(list);
+
+       	list = gcry_sexp_find_token( key, "g", 0);
+	if (list == NULL) {
+        	gnutls_assert();
+        	gcry_sexp_release( key);
+                return GNUTLS_E_INTERNAL_ERROR;
+	}
+
+	resarr[2] = gcry_sexp_nth_mpi(list, 1, 0);
+	gcry_sexp_release(list);
+
+       	list = gcry_sexp_find_token( key, "y", 0);
+	if (list == NULL) {
+        	gnutls_assert();
+        	gcry_sexp_release( key);
+                return GNUTLS_E_INTERNAL_ERROR;
+	}
+
+	resarr[3] = gcry_sexp_nth_mpi(list, 1, 0);
+	gcry_sexp_release(list);
+
+
+       	list = gcry_sexp_find_token( key, "x", 0);
+	if (list == NULL) {
+        	gnutls_assert();
+        	gcry_sexp_release( key);
+                return GNUTLS_E_INTERNAL_ERROR;
+	}
+
+	resarr[4] = gcry_sexp_nth_mpi(list, 1, 0);
+	gcry_sexp_release(list);
+
+
+	gcry_sexp_release(key);
+
+	_gnutls_dump_mpi( "p: ", resarr[0]);
+	_gnutls_dump_mpi( "q: ", resarr[1]);
+	_gnutls_dump_mpi( "g: ", resarr[2]);
+	_gnutls_dump_mpi( "y: ", resarr[3]);
+	_gnutls_dump_mpi( "x: ", resarr[4]);
+
+	*resarr_len = 5;
+
+	return 0;
+
+}
+
diff --git a/lib/x509/dsa.h b/lib/x509/dsa.h
new file mode 100644
index 0000000000..4f9d7562b9
--- /dev/null
+++ b/lib/x509/dsa.h
@@ -0,0 +1 @@
+int _gnutls_dsa_generate_params(GNUTLS_MPI* resarr, int* resarr_len, int bits);
diff --git a/src/common.c b/src/common.c
index 4305cbb21d..1bc7d45aed 100644
--- a/src/common.c
+++ b/src/common.c
@@ -1,3 +1,24 @@
+/*
+ * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
 #include <config.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -69,9 +90,7 @@ void print_x509_info(gnutls_session session, const char* hostname)
 		    gnutls_x509_crt_import(crt, &cert_list[j],
 					   GNUTLS_X509_FMT_DER);
 		if (ret < 0) {
-			const char* str = gnutls_strerror(ret);
-			if (str == NULL) str = str_unknown;
-			fprintf(stderr, "Decoding error: %s\n", str);
+			fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret));
 			return;
 		}
 
@@ -110,10 +129,8 @@ void print_x509_info(gnutls_session session, const char* hostname)
 
 			ret = gnutls_x509_crt_to_xml( crt, &xml_data, 0);
 			if (ret < 0) {
-				const char* str = gnutls_strerror(ret);
-				if (str == NULL) str = str_unknown;
 				fprintf(stderr, "XML encoding error: %s\n",
-					str);
+					gnutls_strerror(ret));
 				return;
 			}
 			
@@ -147,9 +164,7 @@ void print_x509_info(gnutls_session session, const char* hostname)
 			digest_size = sizeof(digest);
 			if ((ret=gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_MD5, digest, &digest_size))
 			    < 0) {
-				const char* str = gnutls_strerror(ret);
-				if (str == NULL) str = str_unknown;
-			    	fprintf(stderr, "Error in fingerprint calculation: %s\n", str);
+			    	fprintf(stderr, "Error in fingerprint calculation: %s\n", gnutls_strerror(ret));
 			} else {
 				print = printable;
 				for (i = 0; i < digest_size; i++) {
@@ -225,9 +240,7 @@ void print_openpgp_info(gnutls_session session, const char* hostname)
 		ret =
 		    gnutls_openpgp_key_import(crt, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
 		if (ret < 0) {
-			const char* str = gnutls_strerror(ret);
-			if (str == NULL) str = str_unknown;
-			fprintf(stderr, "Decoding error: %s\n", str);
+			fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret));
 			return;
 		}
 
@@ -262,10 +275,8 @@ void print_openpgp_info(gnutls_session session, const char* hostname)
 
 			ret = gnutls_openpgp_key_to_xml( crt, &xml_data, 0);
 			if (ret < 0) {
-				const char* str = gnutls_strerror(ret);
-				if (str == NULL) str = str_unknown;
 				fprintf(stderr, "XML encoding error: %s\n",
-					str);
+					gnutls_strerror(ret));
 				return;
 			}
 			
@@ -503,26 +514,26 @@ void print_list(void)
 	printf(", ANON-DH\n");
 
 	printf("Compression methods:");
-	printf(" ZLIB");
+	printf(" DEFLATE");
 	printf(", LZO");
 	printf(", NULL\n");
 }
 
 void print_license(void)
 {
-	fprintf(stdout,
-		"\nCopyright (C) 2001-2003 Nikos Mavroyanopoulos\n"
-		"This program is free software; you can redistribute it and/or modify \n"
-		"it under the terms of the GNU General Public License as published by \n"
-		"the Free Software Foundation; either version 2 of the License, or \n"
-		"(at your option) any later version. \n" "\n"
-		"This program is distributed in the hope that it will be useful, \n"
-		"but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
-		"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the \n"
-		"GNU General Public License for more details. \n" "\n"
-		"You should have received a copy of the GNU General Public License \n"
-		"along with this program; if not, write to the Free Software \n"
-		"Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
+fputs(	"\nCopyright (C) 2004 Free Software Foundation\n"
+	"This program is free software; you can redistribute it and/or modify \n"
+	"it under the terms of the GNU General Public License as published by \n"
+	"the Free Software Foundation; either version 2 of the License, or \n"
+	"(at your option) any later version. \n" "\n"
+	"This program is distributed in the hope that it will be useful, \n"
+	"but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
+	"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the \n"
+	"GNU General Public License for more details. \n" "\n"
+	"You should have received a copy of the GNU General Public License \n"
+	"along with this program; if not, write to the Free Software \n"
+	"Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
+	stdout);
 }
 
 void parse_protocols(char **protocols, int protocols_size,
@@ -534,8 +545,9 @@ void parse_protocols(char **protocols, int protocols_size,
 		for (j = i = 0; i < protocols_size; i++) {
 			if (strncasecmp(protocols[i], "SSL", 3) == 0)
 				protocol_priority[j++] = GNUTLS_SSL3;
-			if (strncasecmp(protocols[i], "TLS", 3) == 0)
+			else if (strncasecmp(protocols[i], "TLS", 3) == 0)
 				protocol_priority[j++] = GNUTLS_TLS1;
+			else fprintf(stderr, "Unknown protocol: '%s'\n", protocols[i]);
 		}
 		protocol_priority[j] = 0;
 	}
@@ -550,17 +562,18 @@ void parse_ciphers(char **ciphers, int nciphers, int *cipher_priority)
 			if (strncasecmp(ciphers[i], "AES", 3) == 0)
 				cipher_priority[j++] =
 				    GNUTLS_CIPHER_AES_128_CBC;
-			if (strncasecmp(ciphers[i], "3DE", 3) == 0)
+			else if (strncasecmp(ciphers[i], "3DE", 3) == 0)
 				cipher_priority[j++] =
 				    GNUTLS_CIPHER_3DES_CBC;
-			if (strcasecmp(ciphers[i], "ARCFOUR-40") == 0)
+			else if (strcasecmp(ciphers[i], "ARCFOUR-40") == 0)
 				cipher_priority[j++] =
 				    GNUTLS_CIPHER_ARCFOUR_40;
-			if (strcasecmp(ciphers[i], "ARCFOUR") == 0)
+			else if (strcasecmp(ciphers[i], "ARCFOUR") == 0)
 				cipher_priority[j++] =
 				    GNUTLS_CIPHER_ARCFOUR_128;
-			if (strncasecmp(ciphers[i], "NUL", 3) == 0)
+			else if (strncasecmp(ciphers[i], "NUL", 3) == 0)
 				cipher_priority[j++] = GNUTLS_CIPHER_NULL;
+			else fprintf(stderr, "Unknown cipher: '%s'\n", ciphers[i]);
 		}
 		cipher_priority[j] = 0;
 	}
@@ -573,10 +586,11 @@ void parse_macs(char **macs, int nmacs, int *mac_priority)
 		for (j = i = 0; i < nmacs; i++) {
 			if (strncasecmp(macs[i], "MD5", 3) == 0)
 				mac_priority[j++] = GNUTLS_MAC_MD5;
-			if (strncasecmp(macs[i], "RMD", 3) == 0)
+			else if (strncasecmp(macs[i], "RMD", 3) == 0)
 				mac_priority[j++] = GNUTLS_MAC_RMD160;
-			if (strncasecmp(macs[i], "SHA", 3) == 0)
+			else if (strncasecmp(macs[i], "SHA", 3) == 0)
 				mac_priority[j++] = GNUTLS_MAC_SHA;
+			else fprintf(stderr, "Unknown MAC: '%s'\n", macs[i]);
 		}
 		mac_priority[j] = 0;
 	}
@@ -590,8 +604,9 @@ void parse_ctypes(char **ctype, int nctype, int *cert_type_priority)
 			if (strncasecmp(ctype[i], "OPE", 3) == 0)
 				cert_type_priority[j++] =
 				    GNUTLS_CRT_OPENPGP;
-			if (strncasecmp(ctype[i], "X", 1) == 0)
+			else if (strncasecmp(ctype[i], "X", 1) == 0)
 				cert_type_priority[j++] = GNUTLS_CRT_X509;
+			else fprintf(stderr, "Unknown certificate type: '%s'\n", ctype[i]);
 		}
 		cert_type_priority[j] = 0;
 	}
@@ -604,20 +619,21 @@ void parse_kx(char **kx, int nkx, int *kx_priority)
 		for (j = i = 0; i < nkx; i++) {
 			if (strcasecmp(kx[i], "SRP") == 0)
 				kx_priority[j++] = GNUTLS_KX_SRP;
-			if (strcasecmp(kx[i], "SRP-RSA") == 0)
+			else if (strcasecmp(kx[i], "SRP-RSA") == 0)
 				kx_priority[j++] = GNUTLS_KX_SRP_RSA;
-			if (strcasecmp(kx[i], "SRP-DSS") == 0)
+			else if (strcasecmp(kx[i], "SRP-DSS") == 0)
 				kx_priority[j++] = GNUTLS_KX_SRP_DSS;
-			if (strcasecmp(kx[i], "RSA") == 0)
+			else if (strcasecmp(kx[i], "RSA") == 0)
 				kx_priority[j++] = GNUTLS_KX_RSA;
-			if (strcasecmp(kx[i], "RSA-EXPORT") == 0)
+			else if (strcasecmp(kx[i], "RSA-EXPORT") == 0)
 				kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
-			if (strncasecmp(kx[i], "DHE-RSA", 7) == 0)
+			else if (strncasecmp(kx[i], "DHE-RSA", 7) == 0)
 				kx_priority[j++] = GNUTLS_KX_DHE_RSA;
-			if (strncasecmp(kx[i], "DHE-DSS", 7) == 0)
+			else if (strncasecmp(kx[i], "DHE-DSS", 7) == 0)
 				kx_priority[j++] = GNUTLS_KX_DHE_DSS;
-			if (strncasecmp(kx[i], "ANON", 4) == 0)
+			else if (strncasecmp(kx[i], "ANON", 4) == 0)
 				kx_priority[j++] = GNUTLS_KX_ANON_DH;
+			else fprintf(stderr, "Unknown key exchange: '%s'\n", kx[i]);
 		}
 		kx_priority[j] = 0;
 	}
@@ -630,10 +646,13 @@ void parse_comp(char **comp, int ncomp, int *comp_priority)
 		for (j = i = 0; i < ncomp; i++) {
 			if (strncasecmp(comp[i], "NUL", 3) == 0)
 				comp_priority[j++] = GNUTLS_COMP_NULL;
-			if (strncasecmp(comp[i], "ZLI", 3) == 0)
-				comp_priority[j++] = GNUTLS_COMP_ZLIB;
-			if (strncasecmp(comp[i], "LZO", 3) == 0)
+			else if (strncasecmp(comp[i], "ZLI", 3) == 0)
+				comp_priority[j++] = GNUTLS_COMP_DEFLATE;
+			else if (strncasecmp(comp[i], "DEF", 3) == 0)
+				comp_priority[j++] = GNUTLS_COMP_DEFLATE;
+			else if (strncasecmp(comp[i], "LZO", 3) == 0)
 				comp_priority[j++] = GNUTLS_COMP_LZO;
+			else fprintf(stderr, "Unknown compression: '%s'\n", comp[i]);
 		}
 		comp_priority[j] = 0;
 	}
@@ -657,11 +676,11 @@ char* ret;
 
 	ret = inet_ntoa( *((struct in_addr*)src));
 	
-	if (strlen(ret) > cnt) {
+	if (ret == NULL || strlen(ret) > cnt) {
 		return NULL;
 	}
 	strcpy( dst, ret);
-	
+
 	return dst;
 }
 #endif