diff options
author | Daiki Ueno <ueno@gnu.org> | 2021-05-06 12:41:40 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-11-29 13:21:53 +0100 |
commit | 0ecce7191dfd78387f2994253d37ed1df50d563d (patch) | |
tree | fb1d66e9329cdad3ef617c02b96c77aca1c8dd3e /lib/includes/gnutls/gnutls.h.in | |
parent | ee3af8d6e863bd958cbe7468f9cbe09d803f4e92 (diff) | |
download | gnutls-0ecce7191dfd78387f2994253d37ed1df50d563d.tar.gz |
priority: support allowlisting in configuration file
This adds a new mode of interpreting the [overrides] section. If
"override-mode" is set to "allowlisting" in the [global] section, all
the algorithms (hashes, signature algorithms, curves, and versions)
are initially marked as insecure/disabled. Then the user can enable
them by specifying allowlisting keywords such as "secure-hash" in the
[overrides] section.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
Diffstat (limited to 'lib/includes/gnutls/gnutls.h.in')
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index d69b29b443..1e883aa8eb 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -1438,6 +1438,17 @@ const char * gnutls_mac_algorithm_t * mac, gnutls_protocol_t * min_version); + /* functions for run-time enablement of algorithms */ +int gnutls_ecc_curve_set_enabled(gnutls_ecc_curve_t curve, + unsigned int enabled); +int gnutls_sign_set_secure(gnutls_sign_algorithm_t sign, unsigned int secure); +int gnutls_sign_set_secure_for_certs(gnutls_sign_algorithm_t sign, + unsigned int secure); +int gnutls_digest_set_secure(gnutls_digest_algorithm_t dig, + unsigned int secure); +int gnutls_protocol_set_enabled(gnutls_protocol_t version, + unsigned int enabled); + /* error functions */ int gnutls_error_is_fatal(int error) __GNUTLS_CONST__; int gnutls_error_to_alert(int err, int *level); |