authorNikos Mavrogiannopoulos <nmav@gnutls.org>2007-10-24 10:27:04 +0300
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2007-10-24 10:27:04 +0300
commit91b8389c34b89eba1e2b3f13c43c7c50ea0d6010 (patch)
tree34ebd4fc4d08b5748db4c7047e0cc8e1c517c247
parent12c545d3beb9c759e94cc091f5cbcf3850b3ce18 (diff)
Introduced gnutls_session_enable_compatibility_mode() to allow enabling
all supported compatibility options (like disabling padding). Some other bug fixes in tls-test.c.
-rw-r--r--NEWS3
-rw-r--r--doc/examples/ex-serv1.c7
-rw-r--r--includes/gnutls/gnutls.h.in2
-rw-r--r--lib/gnutls_state.c19
-rw-r--r--src/serv.c5
-rw-r--r--src/tests.c11
-rw-r--r--src/tests.h2
7 files changed, 39 insertions, 10 deletions
diff --git a/NEWS b/NEWS
index c5e2bc0c06..b30bf15e86 100644
--- a/NEWS
+++ b/NEWS
@@ -14,8 +14,11 @@ version 1 certificates.
buggy clients that complain if the TLS 1.0 record protocol padding is
used.
+** Introduced gnutls_session_enable_compatibility_mode() to allow enabling
+all supported compatibility options (like disabling padding).
** API and ABI modifications:
+gnutls_session_enable_compatibility_mode: ADDED
gnutls_record_disable_padding: ADDED
gnutls_mac_convert_priority: ADDED
gnutls_compression_convert_priority: ADDED
diff --git a/doc/examples/ex-serv1.c b/doc/examples/ex-serv1.c
index 6ea17b584f..e331542a05 100644
--- a/doc/examples/ex-serv1.c
+++ b/doc/examples/ex-serv1.c
@@ -55,8 +55,11 @@ initialize_tls_session (void)
/* request client certificate if any.
*/
gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
- gnutls_dh_set_prime_bits (session, DH_BITS);
+
+ /* Set maximum compatibility mode. This is only suggested on public webservers
+ * that need to trade security for compatibility
+ */
+ gnutls_session_enable_compatibility_mode( session);
return session;
}
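Review bot: The added `gnutls_session_enable_compatibility_mode( session);` call turns the reduced-security mode on unconditionally in an example that readers are likely to copy, even though the comment above it says the mode is only suggested for public web servers that must trade security for compatibility. The same unconditional call is added to `initialize_session` in src/serv.c, where it could instead be gated on a setting the way `info.opaque_prf_input` gates the OPRFI call just below it. In the example I would make the comment say what is lost and that the call is optional, e.g. `/* Optional: turns off record padding for buggy clients; omit unless you need it. */`. The hunk also drops `gnutls_dh_set_prime_bits (session, DH_BITS);`, which the commit message does not mention, so it is worth confirming that the removal is intended. `initialize_tls_session` starts outside this hunk.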
diff --git a/includes/gnutls/gnutls.h.in b/includes/gnutls/gnutls.h.in
index fa540b547b..345752474b 100644
--- a/includes/gnutls/gnutls.h.in
+++ b/includes/gnutls/gnutls.h.in
@@ -431,6 +431,8 @@ extern "C"
#define gnutls_read gnutls_record_recv
#define gnutls_write gnutls_record_send
+ void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
+
void gnutls_record_disable_padding (gnutls_session_t session);
int gnutls_record_get_direction (gnutls_session_t session);
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 0b3c9e2c49..70d1e1c115 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -1230,3 +1230,22 @@ void gnutls_handshake_set_post_client_hello_function( gnutls_session_t session,
{
session->internals.user_hello_func = func;
}
+
+/**
+ * gnutls_session_enable_compatibility_mode - Used to disable certain features in TLS in order to honour compatibility
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function can be used to disable certain (security) features in TLS
+ * in order to maintain maximum compatibility with buggy clients. It is
+ * equivalent to calling:
+ * gnutls_record_disable_padding()
+
+ * Normally only servers that require maximum compatibility with everything
+ * out there, need to call this function.
+ *
+ **/
+void
+gnutls_session_enable_compatibility_mode (gnutls_session_t session)
+{
+ gnutls_record_disable_padding( session);
+}
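Review bot: The doc comment for `gnutls_session_enable_compatibility_mode` says it disables "certain (security) features" but never tells a caller that the list can grow, and the bare `+` line after `gnutls_record_disable_padding()` is missing its leading ` *`, which likely breaks the comment block for the documentation generator. The commit message describes the function as enabling all supported compatibility options, so later releases can weaken more protections for existing callers without any change in their code. I would replace the empty line with ` *` and add a sentence such as ` * The set of options enabled here may grow in future releases; each one relaxes a protection.` No counterpart that re-enables the features on a session is added in this commit, which the comment could also state.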
diff --git a/src/serv.c b/src/serv.c
index e5c54f75f3..067c05be93 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -414,6 +414,11 @@ initialize_session (void)
gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
}
+ /* Set maximum compatibility mode. This is only suggested on public webservers
+ * that need to trade security for compatibility
+ */
+ gnutls_session_enable_compatibility_mode( session);
+
#ifdef ENABLE_OPRFI
if (info.opaque_prf_input)
gnutls_oprfi_enable_server (session, oprfi_callback, NULL);
diff --git a/src/tests.c b/src/tests.c
index bc9bc11be9..0818acb55c 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -50,7 +50,7 @@ int tls1_1_ok = 0;
/* keep session info */
static char *session_data = NULL;
static char session_id[32];
-static int session_data_size = 0, session_id_size = 0;
+static size_t session_data_size = 0, session_id_size = 0;
static int sfree = 0;
static int handshake_output = 0;
@@ -217,13 +217,10 @@ ADD_PROTOCOL3 (gnutls_session_t session, int p1, int p2, int p3)
static int srp_detected;
int
-_test_srp_username_callback (gnutls_session_t session, unsigned int times,
- char **username, char **password)
+_test_srp_username_callback (gnutls_session_t session,
+ char **username, char **password)
{
- if (times == 1)
- {
- srp_detected = 1;
- }
+ srp_detected = 1;
return -1;
}
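Review bot: `_test_srp_username_callback` has no comment explaining that it is a detection probe and not a real credential callback: it leaves `*username` and `*password` untouched, sets `srp_detected`, and returns -1. A short comment above it, e.g. `/* Probe only: records that the callback was invoked for SRP, then fails on purpose. */`, would stop a reader from treating the -1 as a bug. With `times` removed the flag is now set on every invocation, so it matters more whether `srp_detected` is reset before each test run; that reset is not visible in this hunk.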
diff --git a/src/tests.h b/src/tests.h
index bfb357f927..2f27f85037 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -38,5 +38,5 @@ test_code_t test_rsa_pms_version_check (gnutls_session_t session);
test_code_t test_version_oob (gnutls_session_t session);
test_code_t test_zlib (gnutls_session_t session);
test_code_t test_lzo (gnutls_session_t session);
-int _test_srp_username_callback (gnutls_session_t session, unsigned int times,
+int _test_srp_username_callback (gnutls_session_t session,
char **username, char **password);