-rw-r--r--NEWS2
-rw-r--r--doc/tex/ex-serv-export.tex27
-rw-r--r--doc/tex/ex-serv1.tex15
-rw-r--r--lib/gnutls_auth_int.h3
-rw-r--r--lib/gnutls_state.c26
5 files changed, 33 insertions, 40 deletions
diff --git a/NEWS b/NEWS
index 703f3fb13a..6906dde4ef 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-Version 0.8.9
+Version 0.8.9 (29/06/2003)
- Corrected a null pointer dereference in gnutls_certificate_get_ours().
Report and Patch by Steve Langasek <vorlon@netexpress.net>.
- The gnutls_transport_ptr type was changed to a pointer type (void*).
diff --git a/doc/tex/ex-serv-export.tex b/doc/tex/ex-serv-export.tex
index cd501729ee..ba3c5127c6 100644
--- a/doc/tex/ex-serv-export.tex
+++ b/doc/tex/ex-serv-export.tex
@@ -27,7 +27,7 @@
#define DH_BITS 1024
/* These are global */
-gnutls_certificate_credentials x509_cred;
+gnutls_certificate_server_credentials x509_cred;
static void wrap_db_init(void);
static void wrap_db_deinit(void);
@@ -55,11 +55,6 @@ gnutls_session initialize_tls_session()
gnutls_dh_set_prime_bits(session, DH_BITS);
- /* some broken clients may require this in order to connect.
- * This will weaken security though.
- */
- /* gnutls_handshake_set_rsa_pms_check( session, 1); */
-
if (TLS_SESSION_CACHE != 0) {
gnutls_db_set_retrieve_function(session, wrap_db_fetch);
gnutls_db_set_remove_function(session, wrap_db_delete);
@@ -78,19 +73,27 @@ gnutls_rsa_params rsa_params;
static int generate_dh_params(void)
{
+ gnutls_datum prime, generator;
+
/* Generate Diffie Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
* once a day, once a week or once a month. Depends on the
* security requirements.
*/
gnutls_dh_params_init(&dh_params);
- gnutls_dh_params_generate2( dh_params, DH_BITS);
+ gnutls_dh_params_generate(&prime, &generator, DH_BITS);
+ gnutls_dh_params_set(dh_params, prime, generator, DH_BITS);
+ free(prime.data);
+ free(generator.data);
+
return 0;
}
static int generate_rsa_params(void)
{
+ gnutls_datum m, e, d, p, q, u;
+
gnutls_rsa_params_init(&rsa_params);
/* Generate RSA parameters - for use with RSA-export
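Review bot: The result of `gnutls_dh_params_generate` on the added line in generate_dh_params is discarded, so if generation fails `prime.data` and `generator.data` are handed to `gnutls_dh_params_set` and then to `free()` without ever having been assigned. Since this is the example readers will copy into servers, both calls should be checked, e.g. `int ret = gnutls_dh_params_generate(&prime, &generator, DH_BITS); if (ret < 0) return ret;` and likewise for `gnutls_dh_params_set`. The same unchecked pattern appears in generate_rsa_params in the next hunk of this file and in generate_dh_params in doc/tex/ex-serv1.tex. Whether the datums must be released with `free()` or with the library's own allocator is not visible here; a one-line comment stating which allocator owns `prime.data` would spare readers that guess.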
@@ -99,7 +102,15 @@ static int generate_rsa_params(void)
* security requirements.
*/
- gnutls_rsa_params_generate2( rsa_params, 512);
+ gnutls_rsa_params_generate(&m, &e, &d, &p, &q, &u, 512);
+ gnutls_rsa_params_set(rsa_params, m, e, d, p, q, u, 512);
+
+ free(m.data);
+ free(e.data);
+ free(d.data);
+ free(p.data);
+ free(q.data);
+ free(u.data);
return 0;
}
diff --git a/doc/tex/ex-serv1.tex b/doc/tex/ex-serv1.tex
index 050d25e9bc..c158d82f29 100644
--- a/doc/tex/ex-serv1.tex
+++ b/doc/tex/ex-serv1.tex
@@ -27,7 +27,7 @@
#define DH_BITS 1024
/* These are global */
-gnutls_certificate_credentials x509_cred;
+gnutls_certificate_server_credentials x509_cred;
gnutls_session initialize_tls_session()
{
@@ -48,18 +48,13 @@ gnutls_session initialize_tls_session()
gnutls_dh_set_prime_bits( session, DH_BITS);
- /* some broken clients may require this in order to connect.
- * This may weaken security though.
- */
- /* gnutls_handshake_set_rsa_pms_check( session, 1); */
-
-
return session;
}
gnutls_dh_params dh_params;
static int generate_dh_params(void) {
+gnutls_datum prime, generator;
/* Generate Diffie Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
@@ -67,7 +62,11 @@ static int generate_dh_params(void) {
* security requirements.
*/
gnutls_dh_params_init( &dh_params);
- gnutls_dh_params_generate2( dh_params, DH_BITS);
+ gnutls_dh_params_generate( &prime, &generator, DH_BITS);
+ gnutls_dh_params_set( dh_params, prime, generator, DH_BITS);
+
+ free( prime.data);
+ free( generator.data);
return 0;
}
diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h
index becdd87505..3d52aa23aa 100644
--- a/lib/gnutls_auth_int.h
+++ b/lib/gnutls_auth_int.h
@@ -1,4 +1,4 @@
-void gnutls_credentials_clear( gnutls_session session);
+int gnutls_clear_creds( gnutls_session session);
int gnutls_credentials_set( gnutls_session session, gnutls_credentials_type type, void* cred);
const void *_gnutls_get_cred( GNUTLS_KEY key, gnutls_credentials_type kx, int* err);
const void *_gnutls_get_kx_cred( gnutls_session session, gnutls_kx_algorithm algo, int *err);
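Review bot: `int gnutls_clear_creds` is declared here with a different return type from `void gnutls_credentials_clear`, which the second hunk re-adds at the end of the header, and nothing in the header says how the two differ or which one callers are expected to use. A short comment on each declaration would prevent the near-synonyms being confused, e.g. `/* Differs from gnutls_credentials_clear() in that it reports failure as a negative error code. */` if that is indeed the distinction. Neither name carries the `_gnutls_` prefix used by the other internal declarations in this file, so it is unclear from here whether `gnutls_clear_creds` is intended as public API.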
@@ -6,3 +6,4 @@ int _gnutls_generate_key(GNUTLS_KEY key);
gnutls_credentials_type gnutls_auth_get_type( gnutls_session session);
void* _gnutls_get_auth_info( gnutls_session session);
int _gnutls_auth_info_set( gnutls_session session, gnutls_credentials_type type, int size, int allow_change);
+void gnutls_credentials_clear( gnutls_session session);
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index e10da9b335..065d86f4fe 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -139,7 +139,7 @@ void _gnutls_handshake_internal_state_clear( gnutls_session session) {
}
-#define MIN_DH_BITS 511
+
#define _gnutls_free(x) if(x!=NULL) gnutls_free(x)
/**
* gnutls_init - This function initializes the session to null (null encryption etc...).
@@ -193,7 +193,7 @@ int gnutls_init(gnutls_session * session, gnutls_connection_end con_end)
(*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
- gnutls_dh_set_prime_bits( (*session), MIN_DH_BITS);
+ gnutls_dh_set_prime_bits( (*session), MIN_BITS);
gnutls_transport_set_lowat((*session), DEFAULT_LOWAT); /* the default for tcp */
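Review bot: `MIN_BITS` on the added line is not defined anywhere in this file as shown, while the `MIN_DH_BITS 511` definition it replaces is removed in the first hunk, so the default floor on the peer's DH prime for a new session is now whatever that external constant happens to be. If `MIN_BITS` comes from a shared header, its value should be confirmed to be no lower than the previous 511, since a smaller default silently widens the DHE parameters a session will accept. A comment at the call site naming where the constant lives, e.g. `/* MIN_BITS: default minimum DH prime size, defined in <header> */`, would make the default auditable. gnutls_init's body continues outside the hunk.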
@@ -450,24 +450,6 @@ void gnutls_openpgp_send_key(gnutls_session session, gnutls_openpgp_key_status s
session->internals.pgp_fingerprint = status;
}
-/**
- * gnutls_certificate_send_x509_rdn_sequence - This function will order gnutls to or not to send the x.509 rdn sequence
- * @session: is a pointer to a &gnutls_session structure.
- * @status: is 0 or 1
- *
- * If status is non zero, this function will order gnutls not to send the rdnSequence
- * in the certificate request message. That is the server will not advertize
- * it's trusted CAs to the peer. If status is zero then the default behaviour will
- * take effect, which is to advertize the server's trusted CAs.
- *
- * This function has no effect in clients, and in authentication methods other than
- * certificate with X.509 certificates.
- *
- **/
-void gnutls_certificate_send_x509_rdn_sequence(gnutls_session session, int status) {
- session->internals.ignore_rdn_sequence = status;
-}
-
int _gnutls_openpgp_send_fingerprint(gnutls_session session) {
return session->internals.pgp_fingerprint;
}
@@ -535,7 +517,7 @@ void gnutls_handshake_set_private_extensions(gnutls_session session, int allow)
session->internals.enable_private = allow;
}
-/**
+/*-
* gnutls_handshake_set_rsa_pms_check - Used to disable the RSA PMS check
* @session: is a &gnutls_session structure.
* @prot: is an integer (0 or 1)
@@ -551,7 +533,7 @@ void gnutls_handshake_set_private_extensions(gnutls_session session, int allow)
* if check == 0 then the check is enabled (default), otherwise it
* is disabled.
*
- **/
+ -*/
void gnutls_handshake_set_rsa_pms_check(gnutls_session session, int check)
{
session->internals.rsa_pms_check = check;
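Review bot: The doc header for gnutls_handshake_set_rsa_pms_check names its argument `@prot` (in the previous hunk) while the signature here calls it `check`, so the generated documentation describes a parameter that does not exist; the tag line should read `@check: is an integer (0 or 1)`. The context lines state that a non-zero value disables the check, which is the opposite of what a call like `set_rsa_pms_check(session, 1)` suggests, so that sentence is worth keeping even now that the opener has changed from `/**` to `/*-`, which presumably excludes the block from the generated manual.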