authorNikos Mavrogiannopoulos <nmav@gnutls.org>2007-10-22 23:53:47 +0300
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2007-10-22 23:53:47 +0300
commit35095bc205d3372e157c46a00bf9469fa0421183 (patch)
treec2afc17835ff55950d75b3872c566284dc7a2d62
parentf4ace9601e3f1e096424f0dd0ab40c8ec710bec7 (diff)
Added gnutls_record_disable_padding() to allow servers to talk to buggy clients that complain if TLS 1.0 padding is used.
-rw-r--r--NEWS6
-rw-r--r--includes/gnutls/gnutls.h.in2
-rw-r--r--lib/gnutls_int.h3
-rw-r--r--lib/gnutls_record.c21
4 files changed, 31 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index a38a45b150..6fc330618a 100644
--- a/NEWS
+++ b/NEWS
@@ -10,7 +10,13 @@ version 1 certificates.
** Added priority functions that accept strings.
+** Added gnutls_record_disable_padding() to allow servers talking to
+buggy clients that complain if the TLS 1.0 record protocol padding is
+used.
+
+
** API and ABI modifications:
+gnutls_record_disable_padding: ADDED
gnutls_mac_set_priority2: ADDED
gnutls_compression_set_priority2: ADDED
gnutls_protocol_set_priority2: ADDED
diff --git a/includes/gnutls/gnutls.h.in b/includes/gnutls/gnutls.h.in
index 87724eba9b..1bd2d29921 100644
--- a/includes/gnutls/gnutls.h.in
+++ b/includes/gnutls/gnutls.h.in
@@ -419,6 +419,8 @@ extern "C"
#define gnutls_read gnutls_record_recv
#define gnutls_write gnutls_record_send
+ void gnutls_record_disable_padding (gnutls_session_t session);
+
int gnutls_record_get_direction (gnutls_session_t session);
size_t gnutls_record_get_max_size (gnutls_session_t session);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index e0edd162b8..fa401403fc 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -458,6 +458,9 @@ typedef struct
/* sockets internals */
int lowat;
+
+ /* to disable record padding */
+ int no_padding;
/* These buffers are used in the handshake
* protocol only. freed using _gnutls_handshake_io_buffer_clear();
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 75234b7adf..dc3d4154fd 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -84,6 +84,25 @@ gnutls_transport_set_lowat (gnutls_session_t session, int num)
}
/**
+ * gnutls_record_disable_padding - Used to disabled padding in TLS 1.0 and above
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Used to disabled padding in TLS 1.0 and above. Normally you do not need
+ * to use this function, but there are buggy clients that complain if a
+ * server pads the encrypted data. This of course will disable protection
+ * against statistical attacks on the data.
+ *
+ * Normally only servers that require maximum compatibility with everything
+ * out there, need to call this function.
+ *
+ **/
+void
+gnutls_record_disable_padding (gnutls_session_t session)
+{
+ session->internals.no_padding = 1;
+}
+
+/**
* gnutls_transport_set_ptr - Used to set first argument of the transport functions
* @session: is a #gnutls_session_t structure.
* @ptr: is the value.
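Review bot: The doc comment on gnutls_record_disable_padding() has a typo in both its summary line and first sentence ("Used to disabled"), and it leaves out two things a caller needs to know. The function only ever sets `session->internals.no_padding = 1`, so the doc should say the setting is one-way for the life of the session and should be applied only to peers known to need it. The phrase "protection against statistical attacks on the data" is also vague; presumably what is lost is the hiding of plaintext length in the record size, and if so the comment should say that directly. Suggested summary line: `gnutls_record_disable_padding - Used to disable padding in TLS 1.0 and above`.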
@@ -389,7 +408,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
cipher_size =
_gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
- data2send_size, cipher, cipher_size, type, 1);
+ data2send_size, cipher, cipher_size, type, session->internals.no_padding);
if (cipher_size <= 0)
{
gnutls_assert ();
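Review bot: The new last argument to `_gnutls_encrypt` on the changed line looks inverted. The old code passed the constant `1` for every session, while the new code passes `session->internals.no_padding`, which is presumably 0 unless gnutls_record_disable_padding() was called. If that parameter is an enable flag, as the old constant suggests, default sessions silently lose the padding and only sessions that asked to disable it get it. `_gnutls_encrypt` is not visible here, so confirm the parameter's meaning; if it is an enable flag the line should read `data2send_size, cipher, cipher_size, type, session->internals.no_padding ? 0 : 1);`. `_gnutls_send_int` starts and ends outside the hunk.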