** libgnutls: Reduced the number of gnulib modules used.
+** libgnutls: Added priority string %DISABLE_WILDCARDS.
+
** certtool: Timestamps for serial numbers were increased to 8 bytes,
and in batch mode to 12 (appended with 4 random bytes).
data that are possibly controlled by an attacker are placed in
separate records.
+@item %DISABLE_WILDCARDS @tab
+will disable matching wildcards when comparing hostnames
+in certificates.
+
@item %DISABLE_SAFE_RENEGOTIATION @tab
will completely disable safe renegotiation
completely. Do not use unless you know what you are doing.
{
c->stateless_compression = 1;
}
+static void disable_wildcards(gnutls_priority_t c)
+{
+ c->additional_verify_flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS;
+}
static void enable_profile_low(gnutls_priority_t c)
{
c->additional_verify_flags &= 0x00ffffff;
SAFE_RENEGOTIATION, enable_safe_renegotiation
PARTIAL_RENEGOTIATION, enable_partial_safe_renegotiation
DISABLE_SAFE_RENEGOTIATION, disable_safe_renegotiation
+DISABLE_WILDCARDS, disable_wildcards
SERVER_PRECEDENCE, enable_server_precedence
PROFILE_LOW, enable_profile_low
PROFILE_LEGACY, enable_profile_legacy