From 5673b9085a7a5daad79609230ab40eac75ac4f7d Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sun, 24 Feb 2002 12:54:19 +0000
Subject: *** empty log message ***
---
 ChangeLog | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 NEWS | 9 +++----
 configure.in | 6 ++---
 lib/gnutls_int.h | 2 +-
 lib/gnutls_ui.h | 2 +-
 lib/x509_verify.c | 12 ++++-----
 src/cli.c | 6 ++++-
 7 files changed, 96 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 242a8e05f7..456da0bb8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,80 @@
+2002-02-24 10:47 nmav
+
+ * lib/: gnutls.h.in.in, gnutls_cert.c, gnutls_handshake.c,
+ gnutls_int.h, gnutls_openpgp.c, gnutls_record.c, gnutls_x509.c,
+ x509_sig_check.c, x509_verify.c:
+
+ removed GNUTLS_CERT_NONE (replaced by
+ GNUTLS_E_NO_CERTIFICATE_FOUND). removed GNUTLS_CERT_VALID (it's
+ valid if it's not invalid)
+
+2002-02-23 21:50 twoaday
+
+ * lib/: gnutls_openpgp.c, gnutls_openpgp.h:
+
+ Bug fixes for _verify_key and basic trust handling for keys.
+
+2002-02-22 23:49 nmav
+
+ * lib/gnutls_openpgp.c:
+
+ includes moved before #ifdef
+
+2002-02-22 18:49 twoaday
+
+ * lib/gnutls_openpgp.c:
+
+ Added stubs for the case we don't have OpenCDK support.
+
+2002-02-22 18:31 nmav
+
+ * doc/tex/ex3.tex, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_x509.c,
+ lib/x509_sig_check.c, lib/x509_verify.c, src/common.c, src/serv.c:
+
+ Changed certificate verification functions.
+
+2002-02-22 17:14 twoaday
+
+ * lib/: gnutls_openpgp.c, gnutls_openpgp.h:
+
+ Implemented gnutls_certificate_set_openpgp_key_mem. Some basic
+ routines for key ownertrust.
+
+2002-02-22 13:30 nmav
+
+ * lib/: auth_cert.h, gnutls.h.in.in, gnutls_cert.c:
+
+ added trustdb stuff
+
+2002-02-22 12:52 twoaday
+
+ * lib/gnutls_openpgp.c:
+
+ Modified code for the new OpenCDK code.
+
+2002-02-22 11:34 nmav
+
+ * lib/gnutls_algorithms.c:
+
+ moved private cipher suites to 0xFF space.
+
+2002-02-22 00:40 nmav
+
+ * ChangeLog, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/layers.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex, lib/gnutls.h.in.in,
+ lib/gnutls_alert.c, lib/gnutls_alert.h, lib/gnutls_algorithms.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_record.c, src/cli.c, src/serv.c:
+
+ Several alert protocol changes.
+
+2002-02-21 22:34 twoaday
+
+ * lib/gnutls_openpgp.c:
+
+ Fixed return code check for GnuTLS functions.
+
 2002-02-21 20:57 nmav
 * lib/: gnutls.h.in.in, gnutls_openpgp.c:
diff --git a/NEWS b/NEWS
index 3ee9e51dc6..f5eb5086af 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,11 @@ -Version ?.?.? +Version 0.3.90 (24/02/2002) - Handshake messages are not kept in memory any more. Now we use less memory during a handshake - Added support for certificates with DSA parameters - Added DHE_DSS cipher suites - Key exchange methods changed so they do not depend on the - certificate type. + certificate type. Added certificate type negotiation TLS extension. +- Added openpgp key support (EXPERIMENTAL) - Improved Diffie Hellman key exchange support. - Bug fixes in the RSA key exchange. - Added check for the requested TLS extensions
@@ -16,10 +17,6 @@ Version ?.?.? - gnutls_x509_set_trust_(file/mem) can now be called multiple times - gnutls_srp_server_set_cred_file() can now be called multiple times - -OpenPGP: -- Added openpgp key support (EXPERIMENTAL) - Version 0.3.5 (25/01/2002) - Corrected the RSA key exchange method, to avoid attacks against PKCS-1 formating.
diff --git a/configure.in b/configure.in
index fa5e496e20..4b8341712e 100644
--- a/configure.in
+++ b/configure.in
@@ -11,8 +11,8 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os")
 dnl Gnutls Version
 GNUTLS_MAJOR_VERSION=0
-GNUTLS_MINOR_VERSION=4
-GNUTLS_MICRO_VERSION=0
+GNUTLS_MINOR_VERSION=3
+GNUTLS_MICRO_VERSION=90
 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
 AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION")
@@ -22,7 +22,7 @@ AM_CONFIG_HEADER(config.h)
 dnl This is the library version
 GNUTLS_MOST_RECENT_INTERFACE=4
-GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER=$GNUTLS_MICRO_VERSION
+GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER=0 dnl $GNUTLS_MICRO_VERSION
 GNUTLS_OLDEST_INTERFACE=4
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index a30b8ca51a..89729a26bf 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -374,7 +374,7 @@ typedef struct {
 typedef int certificate_client_select_func(struct GNUTLS_STATE_INT*, const gnutls_datum *, int, const gnutls_datum *, int);
 typedef int certificate_server_select_func(struct GNUTLS_STATE_INT*, const gnutls_datum *, int);
-typedef int srp_server_select_func(struct GNUTLS_STATE_INT*, const char**, const char**, int);
+typedef int srp_server_select_func(struct GNUTLS_STATE_INT*, char**, char**, int);
 typedef struct {
 opaque header[HANDSHAKE_HEADER_SIZE];
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index cc0cff3ef8..7506ee438d 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -52,7 +52,7 @@ typedef enum GNUTLS_X509_SUBJECT_ALT_NAME {
 typedef int gnutls_certificate_client_select_func(GNUTLS_STATE, const gnutls_datum *, int, const gnutls_datum *, int);
 typedef int gnutls_certificate_server_select_func(GNUTLS_STATE, const gnutls_datum *, int);
-typedef int gnutls_srp_server_select_func(GNUTLS_STATE, const char **, const char**, int);
+typedef int gnutls_srp_server_select_func(GNUTLS_STATE, char **, char**, int);
 /* Functions that allow AUTH_INFO structures handling */
diff --git a/lib/x509_verify.c b/lib/x509_verify.c
index 819aef21cd..ec62abedaa 100644
--- a/lib/x509_verify.c
+++ b/lib/x509_verify.c
@@ -304,13 +304,13 @@ int gnutls_verify_certificate2(gnutls_cert * cert, gnutls_cert * trusted_cas, in
 /* CRL is ignored for now */
 gnutls_cert *issuer;
- CertificateStatus ret = ret_else;
+ int ret;
 if (tcas_size >= 1)
 issuer = find_issuer(cert, trusted_cas, tcas_size);
 else {
 gnutls_assert();
- return ret;
+ return ret_else;
 }
 /* issuer is not in trusted certificate
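Review bot: Dropping `const` from the two string-array parameters of `srp_server_select_func` means a selection callback may now write through pointers that presumably belong to the library's SRP credentials, and nothing in the hunk documents whether that is intended. The same change is made to the public `gnutls_srp_server_select_func` in lib/gnutls_ui.h, so the ownership rule belongs next to that typedef, for example `/* the char** arrays are owned by the library; the callback must not modify or free the strings */`. Both typedefs must also stay identical, since the internal one is what the library actually calls through.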
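Review bot: The `else` branch for `tcas_size < 1` here, and the `issuer == NULL` branch in the next hunk, return bare `ret_else`, while every later failure in the function ORs in an explicit bit such as `GNUTLS_CERT_INVALID`. The ChangeLog entry in this same patch says a certificate is now "valid if it's not invalid", so a caller passing a `ret_else` without a failure bit would treat a certificate with no trusted issuer as acceptable. `ret_else` is declared outside the hunk, so whether this can happen depends on the callers; either OR a failure flag into these two returns as well, or state the requirement above the function, e.g. `/* ret_else must already carry a failure status; it is returned unchanged when no issuer is found */`. The body of `gnutls_verify_certificate2` starts and ends outside the hunk.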
@@ -318,25 +318,25 @@ int gnutls_verify_certificate2(gnutls_cert * cert, gnutls_cert * trusted_cas, in
 */
 if (issuer == NULL) {
 gnutls_assert();
- return ret;
+ return ret_else;
 }
 ret = check_if_ca( cert, issuer);
 if (ret != 0) {
 gnutls_assert();
- return ret_else;
+ return ret_else|GNUTLS_CERT_INVALID;
 }
 ret = check_if_expired( issuer);
 if (ret != 0) {
 gnutls_assert();
- return ret_else;
+ return ret_else|GNUTLS_CERT_EXPIRED;
 }
 ret = gnutls_x509_verify_signature(cert, issuer);
 if (ret != 0) {
 gnutls_assert();
- return ret_else;
+ return ret_else|GNUTLS_CERT_INVALID;
 }
 /* FIXME: Check CRL --not done yet.
diff --git a/src/cli.c b/src/cli.c
index 4bb958531f..aa6656c43a 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -45,6 +45,7 @@
 #define SA struct sockaddr
 #define ERR(err,s) if (err==-1) {perror(s);return(1);}
 #define MAX_BUF 4096
+#define GERR(ret) fprintf(stderr, "* Error: %s\n", gnutls_strerror(ret))
 /* global stuff here */
 int resume;
@@ -433,7 +434,10 @@ int main(int argc, char **argv)
 strlen(buffer));
 } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- printf("- Sent: %d bytes\n", ret);
+ if (ret > 0)
+ printf("- Sent: %d bytes\n", ret);
+ else
+ GERR( ret);
 }
 }
--
cgit v1.2.1
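Review bot: Only `issuer` is passed to `check_if_expired()`; nothing in this hunk tests the validity period of `cert` itself, so unless a caller does that separately an expired certificate signed by a current CA leaves here without `GNUTLS_CERT_EXPIRED` set. If that check is not made elsewhere, add it beside the issuer one, e.g. `if (check_if_expired( cert) != 0) return ret_else|GNUTLS_CERT_EXPIRED;`. Any non-zero result from `check_if_expired()` or `gnutls_x509_verify_signature()` is also folded into a single status bit, so an internal failure (if those helpers can return one) becomes indistinguishable from a genuinely expired or badly signed certificate; a comment saying this is deliberate would help. The function continues past the end of the hunk, where the CRL check is still marked FIXME.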
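Review bot: In the last hunk of src/cli.c a return of `0` takes the `else` branch, so `GERR( ret)` prints whatever `gnutls_strerror()` yields for zero under an "* Error:" prefix although no error code was returned. Testing the sign explicitly keeps the two cases apart: `else if (ret < 0) GERR( ret);`. The surrounding loop in `main` lies outside the hunk, so it is not visible whether the client stops using the session after a failed send; if it does not, the error branch should end the loop rather than only print.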