unsigned int additional_verify_flags;
};
+#define ENABLE_COMPAT(x) \
+ (x)->no_padding = 1; \
+ (x)->allow_large_records = 1; \
+ (x)->allow_key_usage_violation = 1; \
+ (x)->allow_weak_keys = 1
/* DH and RSA parameters types.
*/
{
if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
{
- (*priority_cache)->no_padding = 1;
- (*priority_cache)->allow_large_records = 1;
- (*priority_cache)->allow_key_usage_violation = 1;
- (*priority_cache)->allow_weak_keys = 1;
+ ENABLE_COMPAT((*priority_cache));
}
else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
{
/* Returns the minimum prime bits that are acceptable.
*/
-int
-_gnutls_dh_get_allowed_prime_bits (gnutls_session_t session)
-{
- return session->internals.dh_prime_bits;
-}
-
int
_gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public)
{
*
* This function can be used to disable certain (security) features in
* TLS in order to maintain maximum compatibility with buggy
- * clients. It is equivalent to calling:
- * gnutls_record_disable_padding()
+ * clients. Because several trade-offs with security are enabled,
+ * if required they will be reported through the audit subsystem.
*
* Normally only servers that require maximum compatibility with
* everything out there, need to call this function.
void
gnutls_session_enable_compatibility_mode (gnutls_session_t session)
{
- gnutls_record_disable_padding (session);
+ ENABLE_COMPAT(&session->internals.priorities);
}
/**
int _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen,
bigint_t prime);
-int _gnutls_dh_get_allowed_prime_bits (gnutls_session_t session);
+static inline int
+_gnutls_dh_get_allowed_prime_bits (gnutls_session_t session)
+{
+ return session->internals.dh_prime_bits;
+}
+
void _gnutls_handshake_internal_state_clear (gnutls_session_t);
int _gnutls_rsa_export_set_pubkey (gnutls_session_t session,