authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-03-15 22:51:43 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-03-15 22:51:43 +0100
commitde9bc9b3dc1ec01d39a7a53502066ff93a56d7a9 (patch)
treec2b76b921c724e7c2e003894b7edd33898735b63 /lib
parentde209286f0fb07ffbc4429d4896f852dd6d7259f (diff)
downloadgnutls-de9bc9b3dc1ec01d39a7a53502066ff93a56d7a9.tar.gz
Safe renegotiation is not enabled by default on the client side.
Diffstat (limited to 'lib')
-rw-r--r--lib/ext_safe_renegotiation.c13
-rw-r--r--lib/gnutls_priority.c10
-rw-r--r--lib/gnutls_record.c4
3 files changed, 26 insertions, 1 deletions
diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c
index 492e9be9b2..51c98d94e7 100644
--- a/lib/ext_safe_renegotiation.c
+++ b/lib/ext_safe_renegotiation.c
@@ -151,3 +151,16 @@ gnutls_safe_renegotiation_set (gnutls_session_t session, int value)
{
session->internals.priorities.unsafe_renegotiation = 1-value;
}
+
+/**
+ * gnutls_safe_renegotiation_status:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Can be used to check whether safe renegotiation is being used
+ * in the current session. Returns 0 when not and non zero when
+ * used.
+ **/
+int gnutls_safe_renegotiation_status (gnutls_session_t session)
+{
+ return session->internals.connection_using_safe_renegotiation;
+}
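Review bot: The new public gnutls_safe_renegotiation_status() is defined here, but the diffstat (limited to lib/) lists no header or export-map change, so unless that is done in a separate commit the symbol is neither declared to callers nor guaranteed to be exported from the shared library. The gtk-doc block should also carry a `Returns:` section instead of stating the result inside the description, e.g. ` * Returns: 0 if safe renegotiation is not in use in the current session, non-zero if it is.`, so the generated API reference picks it up. The value is read straight from `session->internals.connection_using_safe_renegotiation`; a one-line comment saying which handshake path sets that flag would help, since that code is not in this hunk.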
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 869c525ca6..36bdc6370c 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -522,7 +522,11 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority)
*
* "%COMPAT" will enable compatibility features for a server.
*
- * "%UNSAFE_RENEGOTIATION" will allow unsafe renegotiation.
+ * "%UNSAFE_RENEGOTIATION" will allow unsafe renegotiation (this is now
+ * the default, but will change once more servers support the safe renegotiation
+ * TLS fix).
+ *
+ * "%SAFE_RENEGOTIATION" will allow safe renegotiation only.
*
* "%INITIAL_SAFE_RENEGOTIATION" will force initial safe negotiation even if
* renegotiation wasn't requested. Only valid for server side.
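Review bot: The new `%SAFE_RENEGOTIATION` entry says it "will allow safe renegotiation only", which leaves unclear whether it rejects renegotiation with a peer that lacks the safe-renegotiation extension or merely stops advertising the unsafe mode, and it does not mention that it is the inverse of `%UNSAFE_RENEGOTIATION`. Suggest ` * "%SAFE_RENEGOTIATION" will disallow unsafe renegotiation; it is the inverse of %UNSAFE_RENEGOTIATION and overrides the current default.`, adjusted to whatever the record layer actually enforces for a peer without the extension, which is not visible in this commit.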
@@ -571,6 +575,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
+ (*priority_cache)->unsafe_renegotiation = 1;
if (priorities == NULL)
priorities = "NORMAL";
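Review bot: The default `(*priority_cache)->unsafe_renegotiation = 1;` is set unconditionally in gnutls_priority_init(), which has no session and therefore no notion of client or server, so contrary to the commit message the unsafe default appears to apply to servers as well. If a client-only default is intended, the role is only known where the cache is applied to a session (gnutls_priority_set), and a role check there would be the place for it. Either way a comment at the assignment should state the chosen scope, e.g. `/* Default: permit renegotiation with peers lacking the safe-renegotiation extension (both roles); override with %SAFE_RENEGOTIATION. */`. gnutls_priority_init continues outside the hunk.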
@@ -723,6 +728,9 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
"UNSAFE_RENEGOTIATION") == 0)
(*priority_cache)->unsafe_renegotiation = 1;
else if (strcasecmp (&broken_list[i][1],
+ "SAFE_RENEGOTIATION") == 0)
+ (*priority_cache)->unsafe_renegotiation = 0;
+ else if (strcasecmp (&broken_list[i][1],
"INITIAL_SAFE_RENEGOTIATION") == 0)
(*priority_cache)->initial_safe_renegotiation = 1;
else if (strcasecmp (&broken_list[i][1],
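Review bot: `%SAFE_RENEGOTIATION` and `%UNSAFE_RENEGOTIATION` write the same field, so a priority string containing both is accepted silently and, given the sequential else-if chain, the later keyword wins; a comment next to the new branch, `/* inverse of UNSAFE_RENEGOTIATION; last occurrence wins */`, would make that explicit, or the parser could report the conflicting pair as an error. Because the default set earlier in this function is unsafe_renegotiation = 1, a client wanting the safe-only behaviour must opt in explicitly, which is worth stating alongside the keyword. gnutls_priority_init continues outside the hunk.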
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index f1cf2ac303..1ea5c2d94b 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -904,9 +904,13 @@ begin:
_gnutls_io_read_buffered (session, &headers, header_size,
-1)) != header_size)
{
+ _gnutls_handshake_log ("XXX[]: ret: %d %s\n", ret, gnutls_strerror(ret));
+
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
return ret;
+ _gnutls_handshake_log ("XXX2[]: ret: %d %s\n", ret, gnutls_strerror(ret));
+
session_invalidate (session);
if (type == GNUTLS_ALERT)
{