return NULL;
}
- if (session->internals.priorities.server_precedence == 0) {
+ if (session->internals.priorities->server_precedence == 0) {
for (i = 0; i < peer_clist->size; i++) {
_gnutls_debug_log("checking %.2x.%.2x (%s) for compatibility\n",
(unsigned)peer_clist->entry[i]->id[0],
kx = peer_clist->entry[i]->kx_algorithm;
cred_type = _gnutls_map_kx_get_cred(kx, 1);
- for (j = 0; j < session->internals.priorities.cs.size; j++) {
- if (session->internals.priorities.cs.entry[j] == peer_clist->entry[i]) {
+ for (j = 0; j < session->internals.priorities->cs.size; j++) {
+ if (session->internals.priorities->cs.entry[j] == peer_clist->entry[i]) {
KX_CHECKS(kx, cred_type, continue);
if (cred_type == GNUTLS_CRD_CERTIFICATE) {
}
}
} else {
- for (j = 0; j < session->internals.priorities.cs.size; j++) {
- VERSION_CHECK(session->internals.priorities.cs.entry[j]);
+ for (j = 0; j < session->internals.priorities->cs.size; j++) {
+ VERSION_CHECK(session->internals.priorities->cs.entry[j]);
for (i = 0; i < peer_clist->size; i++) {
_gnutls_debug_log("checking %.2x.%.2x (%s) for compatibility\n",
(unsigned)peer_clist->entry[i]->id[1],
peer_clist->entry[i]->name);
- if (session->internals.priorities.cs.entry[j] == peer_clist->entry[i]) {
+ if (session->internals.priorities->cs.entry[j] == peer_clist->entry[i]) {
kx = peer_clist->entry[i]->kx_algorithm;
cred_type = _gnutls_map_kx_get_cred(kx, 1);
unsigned cipher_suites_size = 0;
size_t init_length = cdata->length;
- for (j = 0; j < session->internals.priorities.cs.size; j++) {
- CLIENT_VERSION_CHECK(vmin, vmax, session->internals.priorities.cs.entry[j]);
+ for (j = 0; j < session->internals.priorities->cs.size; j++) {
+ CLIENT_VERSION_CHECK(vmin, vmax, session->internals.priorities->cs.entry[j]);
- kx = session->internals.priorities.cs.entry[j]->kx_algorithm;
+ kx = session->internals.priorities->cs.entry[j]->kx_algorithm;
cred_type = _gnutls_map_kx_get_cred(kx, 0);
if (!session->internals.premaster_set && _gnutls_get_cred(session, cred_type) == NULL)
KX_SRP_CHECKS(kx, continue);
_gnutls_debug_log("Keeping ciphersuite %.2x.%.2x (%s)\n",
- (unsigned)session->internals.priorities.cs.entry[j]->id[0],
- (unsigned)session->internals.priorities.cs.entry[j]->id[1],
- session->internals.priorities.cs.entry[j]->name);
- cipher_suites[cipher_suites_size] = session->internals.priorities.cs.entry[j]->id[0];
- cipher_suites[cipher_suites_size + 1] = session->internals.priorities.cs.entry[j]->id[1];
+ (unsigned)session->internals.priorities->cs.entry[j]->id[0],
+ (unsigned)session->internals.priorities->cs.entry[j]->id[1],
+ session->internals.priorities->cs.entry[j]->name);
+ cipher_suites[cipher_suites_size] = session->internals.priorities->cs.entry[j]->id[0];
+ cipher_suites[cipher_suites_size + 1] = session->internals.priorities->cs.entry[j]->id[1];
cipher_suites_size += 2;
if (cipher_suites_size >= MAX_CIPHERSUITE_SIZE*2)
}
#endif
- if (session->internals.priorities.fallback) {
+ if (session->internals.priorities->fallback) {
cipher_suites[cipher_suites_size] = GNUTLS_FALLBACK_SCSV_MAJOR;
cipher_suites[cipher_suites_size + 1] = GNUTLS_FALLBACK_SCSV_MINOR;
cipher_suites_size += 2;
{
unsigned int i;
- for (i = 0; i < session->internals.priorities.protocol.algorithms;
+ for (i = 0; i < session->internals.priorities->protocol.algorithms;
i++) {
- if (session->internals.priorities.protocol.priority[i] ==
+ if (session->internals.priorities->protocol.priority[i] ==
version)
return i;
}
const version_entry_st *v, *min_v = NULL;
const version_entry_st *backup = NULL;
- for (i=0;i < session->internals.priorities.protocol.algorithms;i++) {
+ for (i=0;i < session->internals.priorities->protocol.algorithms;i++) {
cur_prot =
- session->internals.priorities.protocol.priority[i];
+ session->internals.priorities->protocol.priority[i];
v = version_to_entry(cur_prot);
if (v != NULL && version_is_valid_for_session(session, v)) {
unsigned int i, max = 0x00;
gnutls_protocol_t cur_prot;
- for (i = 0; i < session->internals.priorities.protocol.algorithms;
+ for (i = 0; i < session->internals.priorities->protocol.algorithms;
i++) {
cur_prot =
- session->internals.priorities.protocol.priority[i];
+ session->internals.priorities->protocol.priority[i];
if (cur_prot > max
&& _gnutls_version_is_supported(session, cur_prot))
return 0;
}
- if (unlikely(session->internals.priorities.allow_server_key_usage_violation)) {
+ if (unlikely(session->internals.priorities->allow_server_key_usage_violation)) {
key_usage = 0;
} else {
key_usage = pubkey->key_usage;
if (key_usage != 0) {
if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT) && !(key_usage & GNUTLS_KEY_KEY_AGREEMENT)) {
gnutls_assert();
- if (session->internals.priorities.allow_key_usage_violation == 0) {
+ if (session->internals.allow_key_usage_violation == 0) {
_gnutls_audit_log(session,
"Peer's certificate does not allow encryption. Key usage violation detected.\n");
return GNUTLS_E_KEY_USAGE_VIOLATION;
*/
if (_gnutls_get_adv_version_major(session) !=
plaintext.data[0]
- || (session->internals.priorities.allow_wrong_pms == 0
+ || (session->internals.allow_wrong_pms == 0
&& _gnutls_get_adv_version_minor(session) !=
plaintext.data[1])) {
/* No error is returned here, if the version number check
*/
if (_gnutls_get_adv_version_major(session) !=
plaintext.data[0]
- || (session->internals.priorities.allow_wrong_pms == 0
+ || (session->internals.allow_wrong_pms == 0
&& _gnutls_get_adv_version_minor(session) !=
plaintext.data[1])) {
/* No error is returned here, if the version number check
_gnutls_audit_log(session,
"Note that the security level of the Diffie-Hellman key exchange has been lowered to %u bits and this may allow decryption of the session data\n",
bits);
- session->internals.priorities.dh_prime_bits = bits;
+ session->internals.dh_prime_bits = bits;
}
unsigned pad_size;
if (session->security_parameters.entity == GNUTLS_SERVER ||
- session->internals.priorities.dumbfw == 0 ||
+ session->internals.dumbfw == 0 ||
IS_DTLS(session) != 0 ||
(extdata->length < 256 || extdata->length >= 512)) {
return 0;
/* this extension is only being sent on client side */
if (session->security_parameters.entity == GNUTLS_CLIENT) {
- if (session->internals.priorities.supported_ecc.
+ if (session->internals.priorities->supported_ecc.
algorithms > 0) {
len =
- session->internals.priorities.supported_ecc.
+ session->internals.priorities->supported_ecc.
algorithms;
/* this is a vector!
for (i = 0; i < len; i++) {
p = _gnutls_ecc_curve_get_tls_id(session->
internals.
- priorities.supported_ecc.
+ priorities->supported_ecc.
priority
[i]);
ret =
&& !_gnutls_session_is_ecc(session))
return 0;
- if (session->internals.priorities.supported_ecc.algorithms > 0) {
+ if (session->internals.priorities->supported_ecc.algorithms > 0) {
ret = _gnutls_buffer_append_data(extdata, p, 2);
if (ret < 0)
return gnutls_assert_val(ret);
{
unsigned i;
- if (session->internals.priorities.supported_ecc.algorithms > 0) {
+ if (session->internals.priorities->supported_ecc.algorithms > 0) {
for (i = 0;
i <
- session->internals.priorities.supported_ecc.
+ session->internals.priorities->supported_ecc.
algorithms; i++) {
- if (session->internals.priorities.supported_ecc.
+ if (session->internals.priorities->supported_ecc.
priority[i] == ecc_type)
return 0;
}
if (session->security_parameters.entity == GNUTLS_SERVER) {
gnutls_ext_priv_data_t epriv;
- if (session->internals.priorities.no_etm != 0)
+ if (session->internals.no_etm != 0)
return 0;
epriv = (void*)(intptr_t)1;
_gnutls_ext_etm_send_params(gnutls_session_t session,
gnutls_buffer_st * extdata)
{
- if (session->internals.priorities.no_etm != 0)
+ if (session->internals.no_etm != 0)
return 0;
/* this function sends the client extension data */
if (session->security_parameters.entity == GNUTLS_CLIENT) {
- if (session->internals.priorities.have_cbc != 0)
+ if (session->internals.priorities->have_cbc != 0)
return GNUTLS_E_INT_RET_0;
else
return 0;
#ifdef ENABLE_SSL3
static inline unsigned have_only_ssl3_enabled(gnutls_session_t session)
{
- if (session->internals.priorities.protocol.algorithms == 1 &&
- session->internals.priorities.protocol.priority[0] == GNUTLS_SSL3)
+ if (session->internals.priorities->protocol.algorithms == 1 &&
+ session->internals.priorities->protocol.priority[0] == GNUTLS_SSL3)
return 1;
return 0;
}
ssize_t data_size = _data_size;
if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
- session->internals.priorities.no_ext_master_secret != 0) {
+ session->internals.no_ext_master_secret != 0) {
return 0;
}
gnutls_buffer_st * extdata)
{
if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
- session->internals.priorities.no_ext_master_secret != 0) {
+ session->internals.no_ext_master_secret != 0) {
session->security_parameters.ext_master_secret = 0;
return 0;
}
sr_ext_st *priv;
gnutls_ext_priv_data_t epriv;
- if (session->internals.priorities.sr == SR_DISABLED) {
+ if (session->internals.priorities->sr == SR_DISABLED) {
return 0;
}
sr_ext_st *priv = NULL;
gnutls_ext_priv_data_t epriv;
- if (session->internals.priorities.sr == SR_DISABLED) {
+ if (session->internals.priorities->sr == SR_DISABLED) {
gnutls_assert();
return 0;
}
/* Clients can't tell if it's an initial negotiation */
if (session->internals.initial_negotiation_completed) {
- if (session->internals.priorities.sr < SR_PARTIAL) {
+ if (session->internals.priorities->sr < SR_PARTIAL) {
_gnutls_handshake_log
("HSK[%p]: Allowing unsafe (re)negotiation\n",
session);
GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
}
} else {
- if (session->internals.priorities.sr < SR_SAFE) {
+ if (session->internals.priorities->sr < SR_SAFE) {
_gnutls_handshake_log
("HSK[%p]: Allowing unsafe initial negotiation\n",
session);
DECR_LEN(data_size,
len + 1 /* count the first byte and payload */ );
- if (session->internals.priorities.sr == SR_DISABLED) {
+ if (session->internals.priorities->sr == SR_DISABLED) {
gnutls_assert();
return 0;
}
gnutls_ext_priv_data_t epriv;
size_t init_length = extdata->length;
- if (session->internals.priorities.sr == SR_DISABLED) {
+ if (session->internals.priorities->sr == SR_DISABLED) {
gnutls_assert();
return 0;
}
p = buffer;
len = 0;
- for (i=0;i<session->internals.priorities.sigalg.size;i++) {
- aid = &session->internals.priorities.sigalg.entry[i]->aid;
+ for (i=0;i<session->internals.priorities->sigalg.size;i++) {
+ aid = &session->internals.priorities->sigalg.entry[i]->aid;
if (HAVE_UNKNOWN_SIGAID(aid))
continue;
_gnutls_handshake_log
("EXT[%p]: sent signature algo (%d.%d) %s\n", session,
(int)aid->id[0], (int)aid->id[1],
- session->internals.priorities.sigalg.entry[i]->name);
+ session->internals.priorities->sigalg.entry[i]->name);
len += 2;
if (unlikely(len >= sizeof(buffer))) {
/* this function sends the client extension data */
if (session->security_parameters.entity == GNUTLS_CLIENT
&& _gnutls_version_has_selectable_sighash(ver)) {
- if (session->internals.priorities.sigalg.size > 0) {
+ if (session->internals.priorities->sigalg.size > 0) {
ret =
_gnutls_sign_algorithm_write_params(session, extdata);
if (ret < 0)
return 0;
}
- for (i = 0; i < session->internals.priorities.sigalg.size;
+ for (i = 0; i < session->internals.priorities->sigalg.size;
i++) {
- if (session->internals.priorities.sigalg.entry[i]->id ==
+ if (session->internals.priorities->sigalg.entry[i]->id ==
sig) {
return 0; /* ok */
}
unsigned j;
unsigned kx;
- for (j = 0; j < session->internals.priorities.cs.size; j++) {
- kx = session->internals.priorities.cs.entry[j]->kx_algorithm;
+ for (j = 0; j < session->internals.priorities->cs.size; j++) {
+ kx = session->internals.priorities->cs.entry[j]->kx_algorithm;
if (kx == GNUTLS_KX_SRP || kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)
return 1;
}
/* to disable record padding */
bool no_extensions;
- bool no_ext_master_secret;
- bool allow_large_records;
- unsigned int dumbfw;
+
+
safe_renegotiation_t sr;
bool min_record_version;
bool server_precedence;
- bool allow_key_usage_violation;
bool allow_server_key_usage_violation; /* for test suite purposes only */
- bool allow_wrong_pms;
bool no_tickets;
- bool no_etm;
bool have_cbc;
unsigned int additional_verify_flags;
+ /* TLS_FALLBACK_SCSV */
+ bool fallback;
+
/* The session's expected security level.
* Will be used to determine the minimum DH bits,
* (or the acceptable certificate security level).
*/
gnutls_sec_param_t level;
- unsigned int dh_prime_bits; /* old (deprecated) variable */
- /* TLS_FALLBACK_SCSV */
- bool fallback;
+ /* these should be accessed from
+ * session->internals.VAR names */
+ bool _allow_large_records;
+ bool _no_etm;
+ bool _no_ext_master_secret;
+ bool _allow_key_usage_violation;
+ bool _allow_wrong_pms;
+ bool _dumbfw;
+ unsigned int _dh_prime_bits; /* old (deprecated) variable */
+
};
/* Allow around 50KB of length-hiding padding
(x)->allow_wrong_pms = 1; \
(x)->dumbfw = 1
+#define ENABLE_PRIO_COMPAT(x) \
+ (x)->_allow_large_records = 1; \
+ (x)->_no_etm = 1; \
+ (x)->_no_ext_master_secret = 1; \
+ (x)->_allow_key_usage_violation = 1; \
+ (x)->_allow_wrong_pms = 1; \
+ (x)->_dumbfw = 1
+
/* DH and RSA parameters types.
*/
typedef struct gnutls_dh_params_int {
int last_handshake_out;
/* priorities */
- struct gnutls_priority_st priorities;
+ struct gnutls_priority_st *priorities;
+ /* non-zero if the priorities are assigned only to this session (and
+ * thus should be freed by it */
+ bool deinit_priorities;
+
+ /* variables directly set when setting the priorities above, or
+ * when overriding them */
+ bool allow_large_records;
+ bool no_etm;
+ bool no_ext_master_secret;
+ bool allow_key_usage_violation;
+ bool allow_wrong_pms;
+ bool dumbfw;
+ unsigned int dh_prime_bits; /* old (deprecated) variable */
+
/* resumed session */
bool resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */
for (i = 0; i < datalen; i += 2) {
#ifdef ENABLE_SSL3 /* No need to support certain SCSV's without SSL 3.0 */
/* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
- if (session->internals.priorities.sr != SR_DISABLED &&
+ if (session->internals.priorities->sr != SR_DISABLED &&
data[i] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
data[i + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR) {
_gnutls_handshake_log
int ret;
const gnutls_cipher_suite_entry_st *selected = NULL;
- for (j = 0; j < session->internals.priorities.cs.size; j++) {
- if (suite[0] == session->internals.priorities.cs.entry[j]->id[0] &&
- suite[1] == session->internals.priorities.cs.entry[j]->id[1]) {
- selected = session->internals.priorities.cs.entry[j];
+ for (j = 0; j < session->internals.priorities->cs.size; j++) {
+ if (suite[0] == session->internals.priorities->cs.entry[j]->id[0] &&
+ suite[1] == session->internals.priorities->cs.entry[j]->id[1]) {
+ selected = session->internals.priorities->cs.entry[j];
break;
}
}
if (_gnutls_set_current_version(session, hver->id) < 0)
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
- if (session->internals.priorities.min_record_version != 0) {
+ if (session->internals.priorities->min_record_version != 0) {
/* Advertize the lowest supported (SSL 3.0) record packet
* version in record packets during the handshake.
* That is to avoid confusing implementations
if (!session->internals.initial_negotiation_completed &&
session->security_parameters.entity == GNUTLS_CLIENT &&
(hver->id == GNUTLS_SSL3 &&
- session->internals.priorities.no_extensions != 0)) {
+ session->internals.priorities->no_extensions != 0)) {
add_sr_scsv = 1;
}
#endif
/* Generate and copy TLS extensions.
*/
- if (session->internals.priorities.no_extensions == 0) {
+ if (session->internals.priorities->no_extensions == 0) {
if (_gnutls_version_has_extensions(hver)) {
type = GNUTLS_EXT_ANY;
} else {
if (STATE == STATE0) {
/* first call */
- if (session->internals.priorities.protocol.algorithms == 0)
+ if (session->internals.priorities == NULL ||
+ session->internals.priorities->cs.size == 0)
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
session->internals.used_exts_size = 0;
int gnutls_priority_set(gnutls_session_t session,
gnutls_priority_t priority);
+
+#define GNUTLS_PRIORITY_FLAG_COPY 1
+int gnutls_priority_set2(gnutls_session_t session,
+ gnutls_priority_t priority,
+ unsigned int flags);
int gnutls_priority_set_direct(gnutls_session_t session,
const char *priorities,
const char **err_pos);
gnutls_sign_supports_pk_algorithm;
gnutls_privkey_sign_hash2;
gnutls_privkey_sign_data2;
+ gnutls_priority_set2;
local:
*;
};
* Sets the priorities to use on the ciphers, key exchange methods,
* and macs.
*
+ * This is identical to calling gnutls_priority_set2() with
+ * %GNUTLS_PRIORITY_FLAG_COPY.
+ *
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
+{
+ return gnutls_priority_set2(session, priority, GNUTLS_PRIORITY_FLAG_COPY);
+}
+
+/**
+ * gnutls_priority_set2:
+ * @session: is a #gnutls_session_t type.
+ * @priority: is a #gnutls_priority_t type.
+ * @flags: zero or %GNUTLS_PRIORITY_FLAG_COPY
+ *
+ * Sets the priorities to use on the ciphers, key exchange methods,
+ * and macs.
+ *
+ * Unless %GNUTLS_PRIORITY_FLAG_COPY is specified, the @priority reference
+ * must remain valid for the lifetime of the session.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_priority_set2(gnutls_session_t session, gnutls_priority_t priority, unsigned int flags)
{
if (priority == NULL) {
gnutls_assert();
return GNUTLS_E_NO_CIPHER_SUITES;
}
- memcpy(&session->internals.priorities, priority,
- sizeof(struct gnutls_priority_st));
+ if (session->internals.deinit_priorities &&
+ session->internals.priorities)
+ gnutls_priority_deinit(session->internals.priorities);
+
+ if (flags & GNUTLS_PRIORITY_FLAG_COPY) {
+ session->internals.priorities = gnutls_malloc(sizeof(*session->internals.priorities));
+ if (session->internals.priorities == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ /* it is fine to use memcpy() here since we are only storing
+ * values and pointers to constant static data. */
+ memcpy(session->internals.priorities, priority, sizeof(*priority));
+
+ session->internals.deinit_priorities = 1;
+ } else {
+ session->internals.priorities = priority;
+ session->internals.deinit_priorities = 0;
+ }
/* set the current version to the first in the chain.
* This will be overridden later.
*/
- if (session->internals.priorities.protocol.algorithms > 0) {
+ if (session->internals.priorities->protocol.algorithms > 0) {
if (_gnutls_set_current_version(session,
- session->internals.priorities.
+ session->internals.priorities->
protocol.priority[0]) < 0) {
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
}
_gnutls_ext_unset_session_data(session, GNUTLS_EXTENSION_SESSION_TICKET);
}
- if (session->internals.priorities.protocol.algorithms == 0 ||
- session->internals.priorities.cs.size == 0)
+ if (session->internals.priorities->protocol.algorithms == 0 ||
+ session->internals.priorities->cs.size == 0)
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
ADD_PROFILE_VFLAGS(session, priority->additional_verify_flags);
+ /* mirror variables */
+#undef COPY_TO_INTERNALS
+#define COPY_TO_INTERNALS(xx) session->internals.xx = priority->_##xx
+ COPY_TO_INTERNALS(allow_large_records);
+ COPY_TO_INTERNALS(no_etm);
+ COPY_TO_INTERNALS(no_ext_master_secret);
+ COPY_TO_INTERNALS(allow_key_usage_violation);
+ COPY_TO_INTERNALS(allow_wrong_pms);
+ COPY_TO_INTERNALS(dumbfw);
+ COPY_TO_INTERNALS(dh_prime_bits);
+
return 0;
}
static void enable_compat(gnutls_priority_t c)
{
- ENABLE_COMPAT(c);
+ ENABLE_PRIO_COMPAT(c);
}
static void enable_server_key_usage_violations(gnutls_priority_t c)
{
}
static void enable_dumbfw(gnutls_priority_t c)
{
- c->dumbfw = 1;
+ c->_dumbfw = 1;
}
static void enable_no_extensions(gnutls_priority_t c)
{
}
static void enable_no_ext_master_secret(gnutls_priority_t c)
{
- c->no_ext_master_secret = 1;
+ c->_no_ext_master_secret = 1;
}
static void enable_no_etm(gnutls_priority_t c)
{
- c->no_etm = 1;
+ c->_no_etm = 1;
}
static void enable_no_tickets(gnutls_priority_t c)
{
return ret;
}
+ /* ensure this priority is deinitialized with the session */
+ session->internals.deinit_priorities = 1;
+
gnutls_priority_deinit(prio);
return 0;
size = MAX_CIPHER_BLOCK_SIZE /*iv*/ + MAX_PAD_SIZE + MAX_HASH_SIZE/*MAC*/;
- if (gnutls_compression_get(session)!=GNUTLS_COMP_NULL || session->internals.priorities.allow_large_records != 0)
+ if (gnutls_compression_get(session)!=GNUTLS_COMP_NULL || session->internals.allow_large_records != 0)
size += EXTRA_COMP_SIZE;
size += session->security_parameters.max_record_recv_size + RECORD_HEADER_SIZE(session);
{
unsigned size = 0;
- if (session->internals.priorities.allow_large_records != 0)
+ if (session->internals.allow_large_records != 0)
size += EXTRA_COMP_SIZE;
size += session->security_parameters.max_record_recv_size;
handshake_internal_state_clear1(*session);
- /* emulate old gnutls behavior for old applications that do not use the priority_*
- * functions.
- */
- (*session)->internals.priorities.sr = SR_PARTIAL;
-
#ifdef HAVE_WRITEV
#ifdef MSG_NOSIGNAL
if (flags & GNUTLS_NO_SIGNAL)
gnutls_credentials_clear(session);
_gnutls_selected_certs_deinit(session);
+ if (session->internals.deinit_priorities &&
+ session->internals.priorities)
+ gnutls_priority_deinit(session->internals.priorities);
+
gnutls_free(session);
}
**/
void gnutls_session_enable_compatibility_mode(gnutls_session_t session)
{
- ENABLE_COMPAT(&session->internals.priorities);
+ ENABLE_COMPAT(&session->internals);
}
/**
static inline int _gnutls_dh_get_min_prime_bits(gnutls_session_t session)
{
- if (session->internals.priorities.dh_prime_bits != 0)
- return session->internals.priorities.dh_prime_bits;
+ if (session->internals.dh_prime_bits != 0)
+ return session->internals.dh_prime_bits;
else
return gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
session->internals.
- priorities.level);
+ priorities->level);
}
void _gnutls_handshake_internal_state_clear(gnutls_session_t);
if (our_cert) {
lstr = "Local";
- allow_key_usage_violation = session->internals.priorities.allow_server_key_usage_violation;
+ allow_key_usage_violation = session->internals.priorities->allow_server_key_usage_violation;
} else {
lstr = "Peer's";
- allow_key_usage_violation = session->internals.priorities.allow_key_usage_violation;
+ allow_key_usage_violation = session->internals.allow_key_usage_violation;
}
if (key_usage != 0) {
projects / thirdparty / gnutls.git / commitdiff
