-rw-r--r-- | configure.in | 50 | ||||
-rw-r--r-- | doc/tex/ex1.tex | 16 | ||||
-rw-r--r-- | doc/tex/ex2.tex | 16 | ||||
-rw-r--r-- | doc/tex/serv1.tex | 15 | ||||
-rw-r--r-- | doc/tex/srp1.tex | 22 | ||||
-rw-r--r-- | lib/defines.h | 12 | ||||
-rw-r--r-- | lib/gnutls.h.in | 2 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 6 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 142 | ||||
-rw-r--r-- | lib/gnutls_record.c | 3 | ||||
-rw-r--r-- | src/cli.c | 27 | ||||
-rw-r--r-- | src/serv.c | 17 |
13 files changed, 131 insertions, 199 deletions
diff --git a/configure.in b/configure.in index 8526dce84e..67b1bbcb64 100644 --- a/configure.in +++ b/configure.in @@ -186,56 +186,6 @@ AC_CHECK_HEADERS(utime.h errno.h sys/time.h time.h) AC_CHECK_FUNCS(bzero memset utime memmove bcopy,,) -dnl Defines USE_VA_COPY -AC_MSG_CHECKING([whether we have va_copy or __va_copy]) -AC_TRY_RUN( -changequote(<<, >>)dnl -<< -#ifdef HAVE_STDARG_H -# include <stdarg.h> -#endif -int main() { -va_list a,b; -va_copy(a, b); -return 0; -} ->> -changequote([, ])dnl -, -dnl ************ HAVE_VA_COPY -AC_DEFINE(HAVE_VA_COPY) -AC_DEFINE(USE_VA_COPY) -AC_MSG_RESULT(va_copy) -, -dnl ************ NO VA_COPY - dnl Defines USE_VA_COPY - AC_TRY_RUN( - changequote(<<, >>)dnl - <<#ifdef HAVE_STDARG_H - # include <stdarg.h> - #endif - int main() { - va_list a,b; - __va_copy(a, b); - return 0; - } - >> - changequote([, ])dnl - , - dnl ************ HAVE___VA_COPY - AC_DEFINE(HAVE___VA_COPY) - AC_DEFINE(USE_VA_COPY) - AC_MSG_RESULT(__va_copy) - , - dnl ************ NO __VA_COPY - AC_MSG_RESULT(none) - ) -, -dnl **** CROSS COMPILING -AC_MSG_RESULT(none) -) - - AC_MSG_RESULT([*** *** Detecting system's parameters... diff --git a/doc/tex/ex1.tex b/doc/tex/ex1.tex index 08b82c0f5c..27fbcca778 100644 --- a/doc/tex/ex1.tex +++ b/doc/tex/ex1.tex @@ -16,6 +16,12 @@ #define SA struct sockaddr #define MSG "GET / HTTP/1.0\r\n\r\n" +const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; +const int kx_priority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, 0 }; +const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; +const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; +const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; + int main() { const char *PORT = "443"; 
@@ -60,12 +66,12 @@ int main() exit(1); } gnutls_init(&state, GNUTLS_CLIENT); - gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0); - gnutls_cipher_set_priority(state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0); - gnutls_compression_set_priority(state, GNUTLS_COMP_NULL, 0); - gnutls_kx_set_priority(state, GNUTLS_KX_RSA, 0); - gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); + gnutls_protocol_set_priority(state, protocol_priority); + gnutls_cipher_set_priority(state, cipher_priority); + gnutls_compression_set_priority(state, comp_priority); + gnutls_kx_set_priority(state, kx_priority); + gnutls_mac_set_priority(state, mac_priority); gnutls_set_cred(state, GNUTLS_X509PKI, xcred); diff --git a/doc/tex/ex2.tex b/doc/tex/ex2.tex index 43f28b4eca..9aab9b0dd9 100644 --- a/doc/tex/ex2.tex +++ b/doc/tex/ex2.tex @@ -24,6 +24,12 @@ int main() GNUTLS_STATE state; char buffer[MAX_BUF + 1]; X509PKI_CLIENT_CREDENTIALS xcred; + const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; + const int kx_priority[] = { GNUTLS_KX_RSA, 0 }; + const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; + const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; + const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; + if (gnutls_global_init() < 0) { fprintf(stderr, "global state initialization error\n"); 
@@ -58,24 +64,24 @@ int main() /* allow both SSL3 and TLS1 */ - gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0); + gnutls_protocol_set_priority(state, protocol_priority); /* allow only ARCFOUR and 3DES ciphers * (3DES has the highest priority) */ - gnutls_cipher_set_priority(state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0); + gnutls_cipher_set_priority(state, cipher_priority); /* only allow null compression */ - gnutls_compression_set_priority(state, GNUTLS_COMP_NULL, 0); + gnutls_compression_set_priority(state, comp_priority); /* use GNUTLS_KX_RSA */ - gnutls_kx_set_priority(state, GNUTLS_KX_RSA, 0); + gnutls_kx_set_priority(state, kx_priority); /* allow the usage of both SHA and MD5 */ - gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); + gnutls_mac_set_priority(state, mac_priority); /* put the x509 credentials to the current state diff --git a/doc/tex/serv1.tex b/doc/tex/serv1.tex index 7b7effa8e4..7d2ef42613 100644 --- a/doc/tex/serv1.tex +++ b/doc/tex/serv1.tex @@ -37,6 +37,11 @@ GNUTLS_STATE initialize_state() { GNUTLS_STATE state; int ret; + const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; + const int kx_priority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; + const int cipher_priority[] = { GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, 0}; + const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; + const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; gnutls_init(&state, GNUTLS_SERVER); 
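Review bot: The comment `/* only allow null compression */` above `gnutls_compression_set_priority(state, comp_priority);` no longer describes the code: `comp_priority` is declared as `{ GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }`, so this example client now offers zlib first and only falls back to no compression, whereas the removed call `gnutls_compression_set_priority(state, GNUTLS_COMP_NULL, 0)` allowed null only. A refactor that is meant to be behaviour-neutral should keep the list as `{ GNUTLS_COMP_NULL, 0 }`; if enabling zlib is intended, change the comment to `/* prefer zlib compression, fall back to none */`. The ex1.tex hunk above makes the same silent switch from null-only to zlib-first. The body of main() continues outside the hunk.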
@@ -45,11 +50,11 @@ GNUTLS_STATE initialize_state() if ((ret = gnutls_db_set_name(state, "gnutls-rsm.db")) < 0) fprintf(stderr, "*** DB error (%d)\n\n", ret); - gnutls_cipher_set_priority(state, GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, 0); - gnutls_compression_set_priority(state, GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0); - gnutls_kx_set_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, 0); - gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0); - gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); + gnutls_protocol_set_priority(state, protocol_priority); + gnutls_cipher_set_priority(state, cipher_priority); + gnutls_compression_set_priority(state, comp_priority); + gnutls_kx_set_priority(state, kx_priority); + gnutls_mac_set_priority(state, mac_priority); gnutls_set_cred(state, GNUTLS_SRP, srp_cred); gnutls_set_cred(state, GNUTLS_X509PKI, x509_cred); diff --git a/doc/tex/srp1.tex b/doc/tex/srp1.tex index 240f290313..4c93016062 100644 --- a/doc/tex/srp1.tex +++ b/doc/tex/srp1.tex @@ -14,6 +14,12 @@ #define SA struct sockaddr #define MSG "GET / HTTP/1.0\r\n\r\n" +const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; +const int kx_priority[] = { GNUTLS_KX_SRP, 0 }; +const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; +const int comp_priority[] = { GNUTLS_COMP_NULL, 0 }; +const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; + int main() { const char *PORT = "443"; 
@@ -55,24 +61,24 @@ int main() /* allow both SSL3 and TLS1 */ - gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0); - + gnutls_protocol_set_priority(state, protocol_priority); + /* allow only ARCFOUR and 3DES ciphers * (3DES has the highest priority) */ - gnutls_cipher_set_priority(state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0); + gnutls_cipher_set_priority(state, cipher_priority); /* only allow null compression */ - gnutls_compression_set_priority(state, GNUTLS_COMP_NULL, 0); - + gnutls_compression_set_priority(state, comp_priority); + /* use GNUTLS_KX_RSA */ - gnutls_kx_set_priority(state, GNUTLS_KX_SRP, 0); - + gnutls_kx_set_priority(state, kx_priority); + /* allow the usage of both SHA and MD5 */ - gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); + gnutls_mac_set_priority(state, mac_priority); /* put the SRP credentials to the current state diff --git a/lib/defines.h b/lib/defines.h index 6cb52adff7..6d71591ee7 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -39,10 +39,6 @@ typedef int ssize_t; #endif -#ifdef HAVE_STDARG_H -# include <stdarg.h> -#endif - #ifdef HAVE_STRINGS_H # include <strings.h> #endif @@ -122,12 +118,4 @@ # endif #endif -#ifdef USE_VA_COPY -# ifndef HAVE_VA_COPY -# define VA_COPY __va_copy -# else -# define VA_COPY va_copy -# endif -#endif - #endif /* defines_h */ diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in index 9bfc3d7bdc..0b62318652 100644 --- a/lib/gnutls.h.in +++ b/lib/gnutls.h.in @@ -62,7 +62,7 @@ typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version; */ #define GNUTLS_SOCKET_PTR int -#define GNUTLS_LIST ... +typedef const int* GNUTLS_LIST; struct GNUTLS_STATE_INT; typedef struct GNUTLS_STATE_INT* GNUTLS_STATE; diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 72f409e5b3..22ed428866 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c 
@@ -438,7 +438,7 @@ const char *gnutls_mac_get_name(MACAlgorithm algorithm) /* avoid prefix */ GNUTLS_HASH_ALG_LOOP(ret = - p->name + sizeof("GNUTLS_") - 1); + p->name + sizeof("GNUTLS_MAC_") - 1); return ret; } @@ -495,7 +495,7 @@ const char *gnutls_compression_get_name(CompressionMethod algorithm) /* avoid prefix */ GNUTLS_COMPRESSION_ALG_LOOP(ret = - p->name + sizeof("GNUTLS_") - + p->name + sizeof("GNUTLS_COMP_") - 1); return ret; @@ -613,7 +613,7 @@ const char *gnutls_cipher_get_name(BulkCipherAlgorithm algorithm) char *ret = NULL; /* avoid prefix */ - GNUTLS_ALG_LOOP(ret = p->name + sizeof("GNUTLS_") - 1); + GNUTLS_ALG_LOOP(ret = p->name + sizeof("GNUTLS_CIPHER_") - 1); return ret; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 85eee4870d..06c702f8e1 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -40,7 +40,7 @@ */ #define GNUTLS_SOCKET_PTR int -#define GNUTLS_LIST ... +typedef const int* GNUTLS_LIST; #define MIN_BITS 1023 diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index e2d556a9cd..21c83f99dd 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -27,7 +27,7 @@ /** * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls. * @state: is a &GNUTLS_STATE structure. - * @GNUTLS_LIST: is a 0 terminated list of BulkCipherAlgorithm elements. + * @list: is a 0 terminated list of BulkCipherAlgorithm elements. * * Sets the priority on the ciphers supported by gnutls. * Priority is higher for ciphers specified before others. 
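Review bot: The prefix strip in gnutls_mac_get_name, gnutls_compression_get_name and gnutls_cipher_get_name now advances `p->name` by `sizeof("GNUTLS_MAC_") - 1` (and the matching `GNUTLS_COMP_` / `GNUTLS_CIPHER_` lengths) without checking that the entry's name actually carries that prefix; the algorithm tables are outside the hunk, so if any entry is spelled differently or is shorter than the prefix, the returned pointer lands past the end of its string literal and the caller reads out of bounds. A cheap guard keeps the lookup safe, e.g. `ret = (strncmp(p->name, "GNUTLS_MAC_", sizeof("GNUTLS_MAC_") - 1) == 0) ? p->name + sizeof("GNUTLS_MAC_") - 1 : p->name;` (assuming string.h is available in this file), and likewise for the other two. In gnutls_cipher_get_name `char *ret = NULL;` should be `const char *ret = NULL;` to match the function's `const char *` return type and stop any accidental write through it.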
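Review bot: `typedef const int* GNUTLS_LIST;` is now spelled out in both lib/gnutls_int.h and lib/gnutls.h.in; the previous `#define GNUTLS_LIST ...` could be repeated identically without complaint, but a repeated typedef is a redefinition error in C89/C99 (only C11 allows it), so any translation unit that includes both headers will no longer compile. Whether such a unit exists is not visible from this diff, so please confirm. Keep a single definition (have gnutls_int.h take it from the public header) or wrap both copies in `#ifndef GNUTLS_LIST_DEFINED` / `#define GNUTLS_LIST_DEFINED` guards. A typedef that hides a pointer also makes the prototypes read as if a value were passed; spelling `const int *list` in the public prototypes would be clearer to API users.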
@@ -36,22 +36,13 @@ * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ -int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { - - va_list ap; - int i,num=0; - va_list _ap; - - va_start( ap, state); +int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { +GNUTLS_LIST _list = list; +int num=0, i; -#ifdef USE_VA_COPY - VA_COPY( _ap, ap); -#else - _ap = ap; -#endif - - while( va_arg(ap, BulkCipherAlgorithm) != 0) { + while( *_list != 0) { num++; + ++_list; } if (state->gnutls_internals.BulkCipherAlgorithmPriority.algorithm_priority!=NULL) @@ -64,18 +55,16 @@ int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { state->gnutls_internals.BulkCipherAlgorithmPriority.algorithms = num; for (i=0;i<num;i++) { - state->gnutls_internals.BulkCipherAlgorithmPriority.algorithm_priority[i] = va_arg(_ap, BulkCipherAlgorithm); + state->gnutls_internals.BulkCipherAlgorithmPriority.algorithm_priority[i] = list[i]; } - va_end(ap); - return 0; } /** * gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls. * @state: is a &GNUTLS_STATE structure. - * @GNUTLS_LIST: is a 0 terminated list of KXAlgorithm elements. + * @list: is a 0 terminated list of KXAlgorithm elements. * * Sets the priority on the key exchange algorithms supported by gnutls. * Priority is higher for algorithms specified before others. 
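Review bot: `while( *_list != 0)` dereferences `list` without a NULL check, so `gnutls_cipher_set_priority(state, NULL)` now faults inside the library instead of returning an error; the removed variadic version could not be called that way, so this is a new failure mode for callers. Add `if (list == NULL) return GNUTLS_E_UNKNOWN_ERROR;` (or a dedicated invalid-parameter code if the library has one) before the counting loop; the same applies to gnutls_kx_set_priority, gnutls_mac_set_priority and gnutls_compression_set_priority in the hunks that follow. The counting loop, the free, the allocation and the copy loop are now identical across all four functions; a `static int set_priority_list(int **dst, int *count, GNUTLS_LIST list)` helper would remove three copies of the same code and give one place to validate the list. The allocation between the two hunks is not visible, so whether a zero-length list (num == 0) is handled there cannot be checked from here.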
@@ -84,23 +73,15 @@ int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ -int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { - - va_list ap; - va_list _ap; - int i,num=0; - - va_start( ap, state); +int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { +GNUTLS_LIST _list = list; +int num=0, i; -#ifdef USE_VA_COPY - VA_COPY( _ap, ap); -#else - _ap = ap; -#endif - - while( va_arg(ap, KXAlgorithm) != 0) { + while( *_list != 0) { num++; - } + ++_list; + } + if (state->gnutls_internals.KXAlgorithmPriority.algorithm_priority!=NULL) gnutls_free(state->gnutls_internals.KXAlgorithmPriority.algorithm_priority); @@ -110,17 +91,16 @@ int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { state->gnutls_internals.KXAlgorithmPriority.algorithms = num; for (i=0;i<num;i++) { - state->gnutls_internals.KXAlgorithmPriority.algorithm_priority[i] = va_arg( _ap, KXAlgorithm); + state->gnutls_internals.KXAlgorithmPriority.algorithm_priority[i] = list[i]; } - va_end(ap); return 0; } /** * gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls. * @state: is a &GNUTLS_STATE structure. - * @GNUTLS_LIST: is a 0 terminated list of MACAlgorithm elements. + * @list: is a 0 terminated list of MACAlgorithm elements. * * Sets the priority on the mac algorithms supported by gnutls. * Priority is higher for algorithms specified before others. 
@@ -129,23 +109,15 @@ int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ -int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { - - va_list ap; - int i, num=0; - va_list _ap; - - va_start( ap, state); +int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { +GNUTLS_LIST _list = list; +int num=0, i; -#ifdef USE_VA_COPY - VA_COPY( _ap, ap); -#else - _ap = ap; -#endif - - while( va_arg(ap, MACAlgorithm) != 0) { + while( *_list != 0) { num++; - } + ++_list; + } + if (state->gnutls_internals.MACAlgorithmPriority.algorithm_priority!=NULL) gnutls_free(state->gnutls_internals.MACAlgorithmPriority.algorithm_priority); @@ -155,17 +127,16 @@ int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { state->gnutls_internals.MACAlgorithmPriority.algorithms = num; for (i=0;i<num;i++) { - state->gnutls_internals.MACAlgorithmPriority.algorithm_priority[i] = va_arg(_ap, MACAlgorithm); + state->gnutls_internals.MACAlgorithmPriority.algorithm_priority[i] = list[i]; } - va_end(ap); return 0; } /** * gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls. * @state: is a &GNUTLS_STATE structure. - * @GNUTLS_LIST: is a 0 terminated list of CompressionMethod elements. + * @list: is a 0 terminated list of CompressionMethod elements. * * Sets the priority on the compression algorithms supported by gnutls. * Priority is higher for algorithms specified before others. 
@@ -174,23 +145,14 @@ int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ -int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { - - va_list ap; - int i,num=0; - va_list _ap; - - va_start( ap, state); - -#ifdef USE_VA_COPY - VA_COPY( _ap, ap); -#else - _ap = ap; -#endif +int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { +GNUTLS_LIST _list = list; +int num=0, i; - while( va_arg( ap, CompressionMethod) != 0) { + while( *_list != 0) { num++; - } + ++_list; + } if (state->gnutls_internals.CompressionMethodPriority.algorithm_priority!=NULL) gnutls_free(state->gnutls_internals.CompressionMethodPriority.algorithm_priority); @@ -200,16 +162,15 @@ int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { state->gnutls_internals.CompressionMethodPriority.algorithms = num; for (i=0;i<num;i++) { - state->gnutls_internals.CompressionMethodPriority.algorithm_priority[i] = va_arg( _ap, CompressionMethod); + state->gnutls_internals.CompressionMethodPriority.algorithm_priority[i] = list[i]; } - va_end(ap); return 0; } /** * gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls. * @state: is a &GNUTLS_STATE structure. - * @GNUTLS_LIST: is a 0 terminated list of GNUTLS_Version elements. + * @list: is a 0 terminated list of GNUTLS_Version elements. * * Sets the priority on the protocol versions supported by gnutls. * Priority is higher for protocols specified before others. 
@@ -218,23 +179,16 @@ int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { * not use the protocols's priority except for disabling * protocols that were not specified. **/ -int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { - - va_list ap; - int i,num=0; - va_list _ap; - - va_start( ap, state); - -#ifdef USE_VA_COPY - VA_COPY( _ap, ap); -#else - _ap = ap; -#endif +int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { +GNUTLS_LIST _list = list; +int num=0, i; +GNUTLS_Version ver; - while( va_arg( ap, int) != 0) { + while( *_list != 0) { num++; - } + ++_list; + } + if (state->gnutls_internals.ProtocolPriority.algorithm_priority!=NULL) gnutls_free(state->gnutls_internals.ProtocolPriority.algorithm_priority); @@ -248,12 +202,16 @@ int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST) { state->gnutls_internals.ProtocolPriority.algorithms = num; for (i=0;i<num;i++) { - state->gnutls_internals.ProtocolPriority.algorithm_priority[i] = va_arg( _ap, GNUTLS_Version); + state->gnutls_internals.ProtocolPriority.algorithm_priority[i] = list[i]; } - va_end(ap); - /* set the current version to the lowest + /* set the current version to the first chosen by the peer. */ - _gnutls_set_current_version( state, state->gnutls_internals.ProtocolPriority.algorithm_priority[num-1]); + ver = _gnutls_version_lowest( state); + if (ver < 0) { + gnutls_assert(); + return GNUTLS_E_UNKNOWN_ERROR; + } + _gnutls_set_current_version( state, ver); return 0; } diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 3bfddc0328..82fbcb679e 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -98,6 +98,7 @@ void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_SOCKET_PTR ptr) { **/ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end) { +int default_protocol_list[] = { GNUTLS_TLS1, 0 }; *state = gnutls_calloc(1, sizeof(struct GNUTLS_STATE_INT)); if (*state==NULL) return GNUTLS_E_MEMORY_ERROR; 
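Review bot: `GNUTLS_Version ver;` followed by `if (ver < 0)` is not a reliable error check: GNUTLS_Version is an enum whose visible enumerators (`GNUTLS_SSL3=1, GNUTLS_TLS1`) are all positive, so the compiler is free to give it an unsigned underlying type, in which case `ver < 0` is always false and a negative return from `_gnutls_version_lowest` (its return type is not visible here) would be passed straight into `_gnutls_set_current_version`. Declare the temporary as `int ver;` and cast at the call, `_gnutls_set_current_version( state, (GNUTLS_Version) ver);`, if that function's prototype takes the enum. The replacement comment `/* set the current version to the first chosen by the peer. */` does not describe what the code does either; `/* start from the lowest enabled version */` matches the `_gnutls_version_lowest` call.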
@@ -116,7 +117,7 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end) (*state)->gnutls_internals.resumable = RESUME_TRUE; - gnutls_protocol_set_priority( *state, GNUTLS_TLS1, 0); /* default */ + gnutls_protocol_set_priority( *state, default_protocol_list); /* default */ (*state)->gnutls_key = gnutls_calloc(1, sizeof(struct GNUTLS_KEY_INT)); if ( (*state)->gnutls_key == NULL) { @@ -148,6 +148,13 @@ int cert_callback( const gnutls_datum *client_certs, int ncerts, const gnutls_da return -1; /* send no certificate to the peer */ } +const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; +const int kx_priority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0 }; +const int cipher_priority[] = { GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; +const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; +const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; + + int main(int argc, char** argv) { int err, ret; @@ -222,11 +229,11 @@ int main(int argc, char** argv) #ifdef RESUME gnutls_init(&state, GNUTLS_CLIENT); - gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0); - gnutls_cipher_set_priority( state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, 0); - gnutls_compression_set_priority( state, GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0); - gnutls_kx_set_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0); - gnutls_mac_set_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); + gnutls_cipher_set_priority(state, cipher_priority); + gnutls_compression_set_priority(state, comp_priority); + gnutls_kx_set_priority(state, kx_priority); + gnutls_protocol_set_priority( state, protocol_priority); + gnutls_mac_set_priority(state, mac_priority); gnutls_set_cred( state, GNUTLS_ANON, NULL); gnutls_set_cred( state, GNUTLS_SRP, cred); 
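Review bot: The return value of `gnutls_protocol_set_priority( *state, default_protocol_list);` is still discarded, although that function now has an explicit failure path (it returns `GNUTLS_E_UNKNOWN_ERROR` when `_gnutls_version_lowest` fails, and its allocation can fail too); a failure here leaves the new state without a current version while gnutls_init reports success. Check it the way the `gnutls_key` allocation a few lines below is checked, e.g. `int ret = gnutls_protocol_set_priority( *state, default_protocol_list); if (ret < 0) { /* release *state as the gnutls_key failure path does */ return ret; }` — the cleanup performed on that existing path is outside the hunk, so mirror whatever it does. `default_protocol_list` could also be `static const int` so it is not rebuilt on every call and matches the `const int*` GNUTLS_LIST type.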
@@ -285,11 +292,11 @@ int main(int argc, char** argv) /* Begin handshake again */ gnutls_init(&state, GNUTLS_CLIENT); - gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0); - gnutls_cipher_set_priority( state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, 0); - gnutls_compression_set_priority( state, GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0); - gnutls_kx_set_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0); - gnutls_mac_set_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); + gnutls_cipher_set_priority(state, cipher_priority); + gnutls_compression_set_priority(state, comp_priority); + gnutls_kx_set_priority(state, kx_priority); + gnutls_protocol_set_priority( state, protocol_priority); + gnutls_mac_set_priority(state, mac_priority); gnutls_set_cred( state, GNUTLS_ANON, NULL); gnutls_set_cred( state, GNUTLS_SRP, cred); diff --git a/src/serv.c b/src/serv.c index 97ca3de30f..d3124116d9 100644 --- a/src/serv.c +++ b/src/serv.c @@ -75,6 +75,11 @@ GNUTLS_STATE initialize_state() { GNUTLS_STATE state; int ret; + int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; + int kx_priority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0 }; + int cipher_priority[] = { GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; + int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; + int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; gnutls_init(&state, GNUTLS_SERVER); if ((ret = gnutls_db_set_name(state, "gnutls-rsm.db")) < 0) 
@@ -83,17 +88,17 @@ GNUTLS_STATE initialize_state() /* null cipher is here only for debuging * purposes. */ - gnutls_cipher_set_priority(state, GNUTLS_CIPHER_NULL, - GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0); - gnutls_compression_set_priority(state, GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0); - gnutls_kx_set_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0); - gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0); + gnutls_cipher_set_priority(state, cipher_priority); + gnutls_compression_set_priority(state, comp_priority); + gnutls_kx_set_priority(state, kx_priority); + gnutls_protocol_set_priority( state, protocol_priority); + gnutls_mac_set_priority(state, mac_priority); gnutls_set_cred(state, GNUTLS_ANON, dh_cred); gnutls_set_cred(state, GNUTLS_SRP, srp_cred); gnutls_set_cred(state, GNUTLS_X509PKI, x509_cred); - gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); + gnutls_mac_set_priority(state, mac_priority); gnutls_x509pki_server_set_cert_request( state, GNUTLS_CERT_REQUEST); |
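Review bot: `gnutls_mac_set_priority(state, mac_priority);` is now called twice in initialize_state — once in the new block before `gnutls_set_cred(state, GNUTLS_ANON, dh_cred);` and again on the retained line after the credential setup — so the second call only frees and rebuilds the same list; drop one of them. The comment `/* null cipher is here only for debuging purposes. */` is stale now that GNUTLS_CIPHER_NULL has been removed from `cipher_priority`; delete it rather than invite someone to put the null cipher back into a server list. The five arrays in serv.c are plain `int`, unlike the `const int` arrays in cli.c and the examples; `const int cipher_priority[] = ...` matches the `GNUTLS_LIST` typedef and keeps the tables read-only. `kx_priority` still lists GNUTLS_KX_DH_ANON next to the authenticated exchanges; a comment such as `/* DH_ANON gives no server authentication; test server only */` would stop this list being copied into production code unchanged.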