diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | doc/tex/compression.tex | 4 | ||||
| -rw-r--r-- | lib/ext_server_name.c | 6 | ||||
| -rw-r--r-- | lib/gnutls.h.in.in | 3 | ||||
| -rw-r--r-- | lib/gnutls_extensions.c | 3 | ||||
| -rw-r--r-- | src/cli.c | 10 | ||||
| -rw-r--r-- | src/common.c | 4 |
7 files changed, 20 insertions, 11 deletions
@@ -1,5 +1,6 @@ Version 1.1.6 - Several bug fixes, by Arne Thomassen. +- Fixed a bug where 'server name' extension was always sent. Version 1.1.5 (06/01/2004) - Added the gnutls_sign_algorithm type. diff --git a/doc/tex/compression.tex b/doc/tex/compression.tex index 6c16e4d9d6..cd057e027d 100644 --- a/doc/tex/compression.tex +++ b/doc/tex/compression.tex @@ -2,7 +2,7 @@ \index{Compression algorithms} The TLS' record layer also supports compression. The algorithms implemented in \gnutls{} can be found in figure \ref{fig:compression}. -All the algorithms except for ZLIB which is referenced in \cite{TLSCOMP}, should be +All the algorithms except for DEFLATE which is referenced in \cite{TLSCOMP}, should be considered as \gnutls' extensions\footnote{You should use \printfunc{gnutls_handshake_set_private_extensions}{gnutls\_handshake\_set\_private\_extensions} to enable private extensions.}, and should be advertised only when the peer is known to have a compliant client, @@ -23,7 +23,7 @@ the paper \cite{TLSCOMP}. \begin{tabular}{|l|p{9cm}|} \hline -ZLIB & ZLIB compression, using the deflate algorithm. +DEFLATE & Zlib compression, using the deflate algorithm. \\ \hline LZO & LZO is a very fast compression algorithm. This algorithm is only diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index da278969eb..e0cd9d5ccb 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -126,7 +126,11 @@ int _gnutls_server_name_send_params(gnutls_session session, opaque * data, */ if (session->security_parameters.entity == GNUTLS_CLIENT) { - /* uint16 */ + if (session->security_parameters.extensions.server_names_size == 0) + return 0; + + /* uint16 + */ total_size = 2; for (i = 0; i < session->security_parameters.extensions.server_names_size; diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 5ff1627adb..e4183ee103 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -87,8 +87,9 @@ typedef enum gnutls_digest_algorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, */ #define GNUTLS_MAX_ALGORITHM_NUM 16 +#define GNUTLS_COMP_ZLIB GNUTLS_COMP_DEFLATE typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1, - GNUTLS_COMP_ZLIB, + GNUTLS_COMP_DEFLATE, GNUTLS_COMP_LZO /* only available if gnutls-extra has been initialized */ } gnutls_compression_method; diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index d13e89cd86..40e55249c0 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -202,9 +202,11 @@ ext_send_func ext_send; return GNUTLS_E_MEMORY_ERROR; } +fprintf(stderr, "Data type: [%d]\n", next); /* write extension type */ _gnutls_write_uint16( next, &(*data)[pos]); pos+=2; +fprintf(stderr, "Data size: %d\n", size); /* write size */ _gnutls_write_uint16( size, &(*data)[pos]); @@ -231,6 +233,7 @@ ext_send_func ext_send; pos-=2; /* remove the size of the size header! */ _gnutls_write_uint16( pos, (*data)); +fprintf(stderr, "Total size: %d\n", pos); if (size==2) { /* empty */ size = 0; @@ -74,7 +74,7 @@ static gnutls_srp_client_credentials srp_cred; static gnutls_anon_client_credentials anon_cred; static gnutls_certificate_credentials xcred; -int protocol_priority[PRI_MAX] = { GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3, 0 }; +int protocol_priority[PRI_MAX] = { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; int kx_priority[PRI_MAX] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, /* Do not use anonymous authentication, unless you know what that means */ @@ -158,19 +158,19 @@ static gnutls_session init_tls_session(const char *hostname) /* allow the use of private ciphersuites. */ - if (disable_extensions == 0) + if (disable_extensions == 0) { gnutls_handshake_set_private_extensions(session, 1); - - if (disable_extensions == 0) gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname, strlen(hostname)); + gnutls_certificate_type_set_priority(session, cert_type_priority); + } gnutls_cipher_set_priority(session, cipher_priority); gnutls_compression_set_priority(session, comp_priority); gnutls_kx_set_priority(session, kx_priority); gnutls_protocol_set_priority(session, protocol_priority); gnutls_mac_set_priority(session, mac_priority); - gnutls_certificate_type_set_priority(session, cert_type_priority); + gnutls_dh_set_prime_bits(session, 512); diff --git a/src/common.c b/src/common.c index a73fa26329..be5a3a451a 100644 --- a/src/common.c +++ b/src/common.c @@ -548,8 +548,8 @@ void parse_protocols(char **protocols, int protocols_size, protocol_priority[j++] = GNUTLS_SSL3; else if (strncasecmp(protocols[i], "TLS1.1", 6) == 0) protocol_priority[j++] = GNUTLS_TLS1_1; - else if (strncasecmp(protocols[i], "TLS", 6) == 0) - protocol_priority[j++] = GNUTLS_TLS1; + else if (strncasecmp(protocols[i], "TLS", 3) == 0) + protocol_priority[j++] = GNUTLS_TLS1_0; else fprintf(stderr, "Unknown protocol: '%s'\n", protocols[i]); } protocol_priority[j] = 0; |