author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-30 13:58:38 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-30 13:58:38 +0000 |
commit | d92b77866b3bcb9eb1544d86e236a35d295ffe1f (patch) | |
tree | 9f6215773961d74cd06f855d0610715e890bcfdd | |
parent | 07053a732434bf4cadabb7fdf0e532348b5984a6 (diff) | |
download | gnutls-d92b77866b3bcb9eb1544d86e236a35d295ffe1f.tar.gz |
some fixes to comply with the SRP draft. The handshake is now repeated if an empty SRP username is received.
-rw-r--r-- | doc/README.autoconf | 4 | ||||
-rw-r--r-- | lib/gnutls_alert.c | 4 | ||||
-rw-r--r-- | lib/gnutls_errors.c | 1 | ||||
-rw-r--r-- | lib/gnutls_errors_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 4 | ||||
-rw-r--r-- | libextra/auth_srp.c | 13 | ||||
-rw-r--r-- | src/serv-gaa.c | 4 | ||||
-rw-r--r-- | src/serv.c | 3 |
8 files changed, 22 insertions, 13 deletions
diff --git a/doc/README.autoconf b/doc/README.autoconf
index 44be0917cd..3f928aae0d 100644
--- a/doc/README.autoconf
+++ b/doc/README.autoconf
@@ -5,7 +5,7 @@ aclocal.m4:
 include(libgnutls.m4)
 configure.in:
- AM_PATH_LIBGNUTLS( 0.9.99,, AC_MSG_ERROR([[
+ AM_PATH_LIBGNUTLS( 1.0.0,, AC_MSG_ERROR([[
 ***
 *** libgnutls was not found. You may want to get it from
 *** ftp://ftp.gnutls.org/pub/gnutls/
@@ -18,7 +18,7 @@ aclocal.m4:
 include(libgnutls-extra.m4)
 configure.in:
- AM_PATH_LIBGNUTLS_EXTRA( 0.9.99,, AC_MSG_ERROR([[
+ AM_PATH_LIBGNUTLS_EXTRA( 1.0.0,, AC_MSG_ERROR([[
 ***
 *** libgnutls-extra was not found. You may want to get it from
 *** ftp://ftp.gnutls.org/pub/gnutls/
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 8476f5b5ae..d8dc35c9a4 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -154,10 +154,6 @@ int _level = -1;
 ret = GNUTLS_A_BAD_RECORD_MAC;
 _level = GNUTLS_AL_FATAL;
 break;
- case GNUTLS_E_EMPTY_SRP_USERNAME:
- ret = GNUTLS_A_MISSING_SRP_USERNAME;
- _level = GNUTLS_AL_FATAL;
- break;
 case GNUTLS_E_DECOMPRESSION_FAILED:
 ret = GNUTLS_A_DECOMPRESSION_FAILURE;
 _level = GNUTLS_AL_FATAL;
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index f0ec534ec0..c795ca2e60 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -138,7 +138,6 @@ static gnutls_error_entry error_algorithms[] = {
 ERROR_ENTRY("Could not get OpenPGP key.", GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
 ERROR_ENTRY("The SRP username supplied by the peer is illegal.", GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
- ERROR_ENTRY("The peer advertized SRP but did not supply any SRP username.", GNUTLS_E_EMPTY_SRP_USERNAME, 1),
 ERROR_ENTRY("The OpenPGP fingerprint is not supported.", GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
 ERROR_ENTRY("The certificate has unsupported attributes.", GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h
index 8ec8d6b855..3f64c626d7 100644
--- a/lib/gnutls_errors_int.h
+++ b/lib/gnutls_errors_int.h
@@ -86,7 +86,6 @@
 #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
 #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
-#define GNUTLS_E_EMPTY_SRP_USERNAME -92
 #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
 /* For certificate and key stuff
@@ -129,5 +128,6 @@
 /* _INT_ internal errors. Not exported */
 #define GNUTLS_E_INT_RET_0 -1251
+#define GNUTLS_E_INT_HANDSHAKE_AGAIN -1252
 #endif /* GNUTLS_ERRORS_IH */
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 2296914feb..65f39ff1a5 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1884,6 +1884,10 @@ int gnutls_handshake(gnutls_session session)
 #define IMED_RET( str, ret) do { \
 if (ret < 0) { \
+ if (ret == GNUTLS_E_INT_HANDSHAKE_AGAIN) { \
+ STATE = STATE0; \
+ return GNUTLS_E_AGAIN; \
+ } \
 if (gnutls_error_is_fatal(ret)==0) return ret; \
 gnutls_assert(); \
 ERR( str, ret); \
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index 4bb8c432d3..9abd02ae60 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -32,6 +32,7 @@
 #include "auth_srp.h"
 #include <gnutls_str.h>
 #include <gnutls_datum.h>
+#include <gnutls_alert.h>
 int _gnutls_gen_srp_server_kx(gnutls_session, opaque **);
 int _gnutls_gen_srp_client_kx(gnutls_session, opaque **);
@@ -84,10 +85,18 @@ int _gnutls_gen_srp_server_kx(gnutls_session state, opaque ** data)
 if (state->security_parameters.extensions.srp_username[0] == 0) {
 /* The peer didn't send a valid SRP extension with the
- * SRP username.
+ * SRP username. The draft requires that we send an
+ * alert and start the handshake again.
 */
 gnutls_assert();
- return GNUTLS_E_EMPTY_SRP_USERNAME;
+ ret = gnutls_alert_send( state, GNUTLS_AL_WARNING,
+ GNUTLS_A_MISSING_SRP_USERNAME);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return GNUTLS_E_INT_HANDSHAKE_AGAIN;
 }
 if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_SRP, sizeof( SRP_SERVER_AUTH_INFO_INT), 1)) < 0) {
diff --git a/src/serv-gaa.c b/src/serv-gaa.c
index abb4d237e0..15876fa31d 100644
--- a/src/serv-gaa.c
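Review bot: The new internal code GNUTLS_E_INT_HANDSHAKE_AGAIN in the second gnutls_errors_int.h hunk gets no entry in error_algorithms (the gnutls_errors.c hunk only removes one), so if it ever escapes the IMED_RET macro in gnutls_handshake() it reaches the application as an unknown negative value; the `_INT_` block comment suggests that is by design, but the consumer is worth naming next to the define: `/* consumed by IMED_RET in gnutls_handshake(): restart from STATE0 and report GNUTLS_E_AGAIN */`. The first hunk frees the value -92; if that constant is mirrored in a public header, the copy there needs the same removal, and in any case -92 should stay unassigned rather than be reused so that callers built against the old numbering do not misreport a different error.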
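Review bot: The restart branch added to IMED_RET resets STATE to STATE0 but does nothing to the handshake buffers filled before the failure; the remainder of the macro, including whatever cleanup the fatal path performs, is outside the hunk, so whether the handshake hash buffers are cleared cannot be seen here. If the transcript accumulated from the first ClientHello survives into the restarted handshake, its Finished verification will fail, so the same buffer reset the fatal path does belongs before `return GNUTLS_E_AGAIN;`. Nothing bounds how often a peer can drive this path: each empty SRP username handled in libextra/auth_srp.c (same commit) sends a warning alert and restarts, so a per-session restart counter that turns the N-th restart into a fatal error would keep an unauthenticated client from cycling the server indefinitely. Reusing GNUTLS_E_AGAIN also means callers on blocking sockets, which may never have expected it, must now loop on it; a comment stating that here would help, `/* peer must resend ClientHello: restart from the beginning and let the caller re-enter gnutls_handshake() */`.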
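Review bot: The comment added to the empty-username branch of _gnutls_gen_srp_server_kx says what the draft requires but not what the new return value does; since GNUTLS_E_INT_HANDSHAKE_AGAIN is an internal code that gnutls_handshake() translates into a restart, the branch should say so: `/* GNUTLS_E_INT_HANDSHAKE_AGAIN is internal: gnutls_handshake() resets its state and returns GNUTLS_E_AGAIN so the peer can resend a ClientHello carrying the username. */`. This check runs while the ServerKeyExchange is being generated, so the ServerHello has presumably already been written before the warning alert goes out; if the draft expects missing_srp_username directly in response to the ClientHello, that ordering should be confirmed against the client-side handling. Returning the gnutls_alert_send error verbatim is fine, but the function's remaining body continues outside the hunk.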
+++ b/src/serv-gaa.c
@@ -463,7 +463,7 @@ int gaa_getint(char *arg)
 {
 int tmp;
 char a;
- if(sscanf(arg, "%d%c", &tmp, &a) < 1)
+ if(sscanf(arg, "%d%c", &tmp, &a) != 1)
 {
 printf("Option %s: '%s' isn't an integer\n", gaa_current_option, arg);
 GAAERROR(-1);
@@ -489,7 +489,7 @@ float gaa_getfloat(char *arg)
 {
 float tmp;
 char a;
- if(sscanf(arg, "%f%c", &tmp, &a) < 1)
+ if(sscanf(arg, "%f%c", &tmp, &a) != 1)
 {
 printf("Option %s: '%s' isn't a float number\n", gaa_current_option, arg);
 GAAERROR(-1);
diff --git a/src/serv.c b/src/serv.c
index a3af0a0fe5..00fa77f75b 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -250,7 +250,8 @@ int protocol_priority[PRI_MAX] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
 int kx_priority[PRI_MAX] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP,
 /* Do not use anonymous authentication, unless you know what that means */
- GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA_EXPORT, 0
+ GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA, GNUTLS_KX_ANON_DH,
+ GNUTLS_KX_RSA_EXPORT, 0
 };
 int cipher_priority[PRI_MAX] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, |
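Review bot: The two new SRP key exchanges in the serv.c hunk are inserted after the `Do not use anonymous authentication` comment, so a reader now sees GNUTLS_KX_SRP_DSS and GNUTLS_KX_SRP_RSA under a warning that is about GNUTLS_KX_ANON_DH only. Moving them up beside GNUTLS_KX_SRP keeps the comment attached to the entry it describes: `GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA,` followed by the comment and then `GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA_EXPORT, 0`. Their position in the list is also the server's preference order, so placing them directly after GNUTLS_KX_SRP makes that intent explicit rather than incidental.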