]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Each ciphersuite is now tight with a minimum TLS version and a maximum
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 20 Mar 2010 11:21:17 +0000 (12:21 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 20 Mar 2010 11:21:17 +0000 (12:21 +0100)
one. It is valid if it is between (and including) those. This was added
to deprecate TLS_RSA_EXPORT_WITH_RC4_40_MD5 which is not available
with TLS 1.1. Reported by Adrian F. Dimcev.

lib/gnutls_algorithms.c
lib/gnutls_algorithms.h
lib/includes/gnutls/gnutls.h.in
src/serv-gaa.c
src/serv.gaa

index fa120226c58e1838a78cdc11d62e74c7ab41f9c2..ac506193d9098ee8a9635f4582ec7da4ba74200c 100644 (file)
@@ -338,8 +338,8 @@ static const gnutls_kx_algorithm_t supported_kxs[] = {
 
 
 /* Cipher SUITES */
-#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \
-       { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
+#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version ) \
+       { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version }
 
 typedef struct
 {
@@ -348,9 +348,10 @@ typedef struct
   gnutls_cipher_algorithm_t block_algorithm;
   gnutls_kx_algorithm_t kx_algorithm;
   gnutls_mac_algorithm_t mac_algorithm;
-  gnutls_protocol_t version;   /* this cipher suite is supported
+  gnutls_protocol_t min_version;       /* this cipher suite is supported
                                 * from 'version' and above;
                                 */
+  gnutls_protocol_t max_version;/* this cipher suite is not supported after that */
 } gnutls_cipher_suite_entry;
 
 /* RSA with NULL cipher and MD5 MAC
@@ -482,194 +483,194 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
                             GNUTLS_CIPHER_ARCFOUR_128,
                             GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
-                            GNUTLS_SSL3),
+                            GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
 #ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_128_CBC,
                             GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_256_CBC,
                             GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 #endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
 
   /* PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   /* DHE-PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   /* SRP */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 
   /* DHE_DSS */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
 #ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_128_CBC,
                             GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_256_CBC,
                             GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 #endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
   /* DHE_RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
 #ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_128_CBC,
                             GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_256_CBC,
                             GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 #endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
   /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
                             GNUTLS_CIPHER_NULL,
-                            GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
+                            GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
                             GNUTLS_CIPHER_ARCFOUR_40,
                             GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
-                            GNUTLS_SSL3),
+                            GNUTLS_SSL3, GNUTLS_TLS1_0),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR_128,
-                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
                             GNUTLS_CIPHER_ARCFOUR_128,
-                            GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
+                            GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC,
-                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+                            GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
 #ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
                             GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+                            GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
 #endif
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
-                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RENEGO_PROTECTION_REQUEST,
                             GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN,
-                            GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3),
-  {0, {{0, 0}}, 0, 0, 0, 0}
+                            GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
+  {0, {{0, 0}}, 0, 0, 0, 0, 0}
 };
 
 #define GNUTLS_CIPHER_SUITE_LOOP(b) \
@@ -1318,10 +1319,10 @@ _gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite)
 }
 
 gnutls_protocol_t
-_gnutls_cipher_suite_get_version (const cipher_suite_st * suite)
+_gnutls_cipher_suite_is_version_supported (const cipher_suite_st * suite, gnutls_protocol_t version)
 {
   int ret = 0;
-  GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->version);
+  GNUTLS_CIPHER_SUITE_ALG_LOOP ( (version >= p->min_version && version <= p->max_version)?(ret=1):(ret=0));
   return ret;
 }
 
@@ -1407,7 +1408,7 @@ gnutls_cipher_suite_info (size_t idx,
                          gnutls_kx_algorithm_t * kx,
                          gnutls_cipher_algorithm_t * cipher,
                          gnutls_mac_algorithm_t * mac,
-                         gnutls_protocol_t * version)
+                         gnutls_protocol_t * min_version)
 {
   if (idx >= CIPHER_SUITES_COUNT)
     return NULL;
@@ -1420,8 +1421,8 @@ gnutls_cipher_suite_info (size_t idx,
     *cipher = cs_algorithms[idx].block_algorithm;
   if (mac)
     *mac = cs_algorithms[idx].mac_algorithm;
-  if (version)
-    *version = cs_algorithms[idx].version;
+  if (min_version)
+    *min_version = cs_algorithms[idx].min_version;
 
   return cs_algorithms[idx].name + sizeof ("GNU") - 1;
 }
@@ -1670,7 +1671,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
       /* remove cipher suites which do not support the
        * protocol version used.
        */
-      if (_gnutls_cipher_suite_get_version (&tmp_ciphers[i]) > version)
+      if (_gnutls_cipher_suite_is_version_supported (&tmp_ciphers[i], version) == 0)
        continue;
 
       if (_gnutls_kx_priority
index 34df282d43e8e97a6dc67fbb9f873199d57e90e0..2a0f76c9d47297c5bf2d8088e7a76dfa3d71c384 100644 (file)
@@ -68,8 +68,8 @@ gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
 gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
                                                          cipher_suite_st *
                                                          algorithm);
-gnutls_protocol_t _gnutls_cipher_suite_get_version (const cipher_suite_st *
-                                                   algorithm);
+gnutls_protocol_t _gnutls_cipher_suite_is_version_supported (const cipher_suite_st *
+                                                   algorithm, gnutls_protocol_t);
 cipher_suite_st _gnutls_cipher_suite_get_suite_name (cipher_suite_st *
                                                     algorithm);
 
index 26a979dbc6fc5d12ca15a193a20882c0d968df7d..9754d40103206d997c43661a34e9fbfa53fbec9e 100644 (file)
@@ -497,8 +497,10 @@ extern "C" {
       GNUTLS_TLS1 = GNUTLS_TLS1_0,
       GNUTLS_TLS1_1 = 3,
       GNUTLS_TLS1_2 = 4,
+      GNUTLS_TLS_END_VERSION,
       GNUTLS_VERSION_UNKNOWN = 0xff
     } gnutls_protocol_t;
+#define GNUTLS_TLS_MAX_VERSION (GNUTLS_TLS_END_VERSION-1)
 
   /**
    * gnutls_certificate_type_t:
index 3bab62df871a2e44a326480528d04e8e4b30faaf..3f762efec87cbdfddc9cfede618f97742d7675d0 100644 (file)
@@ -126,7 +126,7 @@ void gaa_help(void)
 {
        printf("GNU TLS test server\nUsage: gnutls-serv [options]\n\n\n");
        __gaa_helpsingle('d', "debug", "integer ", "Enable debugging");
-       __gaa_helpsingle('g', "generate", "", "Generate Diffie-Hellman Parameters.");
+       __gaa_helpsingle('g', "generate", "", "Generate Diffie-Hellman and RSA-EXPORT Parameters.");
        __gaa_helpsingle('p', "port", "integer ", "The port to connect to.");
        __gaa_helpsingle('q', "quiet", "", "Suppress some messages.");
        __gaa_helpsingle(0, "nodb", "", "Does not use the resume database.");
@@ -505,12 +505,31 @@ static int gaa_getint(char *arg)
     return tmp;
 }
 
+static char gaa_getchar(char *arg)
+{
+    if(strlen(arg) != 1)
+    {
+        printf("Option %s: '%s' isn't an character\n", gaa_current_option, arg);
+        GAAERROR(-1);
+    }
+    return arg[0];
+}
 
 static char* gaa_getstr(char *arg)
 {
     return arg;
 }
-
+static float gaa_getfloat(char *arg)
+{
+    float tmp;
+    char a;
+    if(sscanf(arg, "%f%c", &tmp, &a) < 1)
+    {
+        printf("Option %s: '%s' isn't a float number\n", gaa_current_option, arg);
+        GAAERROR(-1);
+    }
+    return tmp;
+}
 /* option structures */
 
 struct GAAOPTION_priority 
@@ -1161,19 +1180,16 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
 int gaa(int argc, char **argv, gaainfo *gaaval)
 {
     int tmp1, tmp2;
-    int l;
-    size_t i, j, k;
+    int i, j, k;
     char *opt_list;
 
-    i = 0;
-
     GAAargv = argv;
     GAAargc = argc;
 
     opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1);
 
-    for(l = 0; l < GAA_NB_OPTION + 1; l++)
-        opt_list[l] = 0;
+    for(i = 0; i < GAA_NB_OPTION + 1; i++)
+        opt_list[i] = 0;
     /* initialization */
     if(inited == 0)
     {
@@ -1200,27 +1216,27 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
       gaa_arg_used = gaa_malloc(argc * sizeof(char));
     }
 
-    for(l = 1; l < argc; l++)
-        gaa_arg_used[l] = 0;
-    for(l = 1; l < argc; l++)
+    for(i = 1; i < argc; i++)
+        gaa_arg_used[i] = 0;
+    for(i = 1; i < argc; i++)
     {
-        if(gaa_arg_used[l] == 0)
+        if(gaa_arg_used[i] == 0)
         {
             j = 0;
-            tmp1 = gaa_is_an_argument(GAAargv[l]);
+            tmp1 = gaa_is_an_argument(GAAargv[i]);
             switch(tmp1)
             {
             case GAA_WORD_OPTION:
                 j++;
             case GAA_LETTER_OPTION:
                 j++;
-                tmp2 = gaa_get_option_num(argv[l]+j, tmp1);
+                tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
                 if(tmp2 == GAA_ERROR_NOMATCH)
                 {
-                    printf("Invalid option '%s'\n", argv[l]+j);
+                    printf("Invalid option '%s'\n", argv[i]+j);
                     return 0;
                 }
-                switch(gaa_try(tmp2, l+1, gaaval, opt_list))
+                switch(gaa_try(tmp2, i+1, gaaval, opt_list))
                 {
                 case GAA_ERROR_NOTENOUGH_ARGS:
                     printf("'%s': not enough arguments\n",gaa_current_option);
@@ -1233,18 +1249,18 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
                 default:
                     printf("Unknown error\n");
                 }
-                gaa_arg_used[l] = 1;
+                gaa_arg_used[i] = 1;
                 break;
             case GAA_MULTIPLE_OPTION:
-                for(j = 1; j < strlen(argv[l]); j++)
+                for(j = 1; j < strlen(argv[i]); j++)
                 {
-                    tmp2 = gaa_get_option_num(argv[l]+j, tmp1);
+                    tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
                     if(tmp2 == GAA_ERROR_NOMATCH)
                     {
-                        printf("Invalid option '%c'\n", *(argv[l]+j));
+                        printf("Invalid option '%c'\n", *(argv[i]+j));
                         return 0;
                     }
-                    switch(gaa_try(tmp2, l+1, gaaval, opt_list))
+                    switch(gaa_try(tmp2, i+1, gaaval, opt_list))
                     {
                     case GAA_ERROR_NOTENOUGH_ARGS:
                         printf("'%s': not enough arguments\n",gaa_current_option);
@@ -1258,7 +1274,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
                         printf("Unknown error\n");
                     }
                 }
-                gaa_arg_used[l] = 1;
+                gaa_arg_used[i] = 1;
                 break;
             default: break;
             }
@@ -1285,9 +1301,9 @@ if(gaa_processing_file == 0)
     }
 #endif
 }
-    for(l = 1; l < argc; l++)
+    for(i = 1; i < argc; i++)
     {
-        if(gaa_arg_used[l] == 0)
+        if(gaa_arg_used[i] == 0)
         {
             printf("Too many arguments\n");
             return 0;
@@ -1338,7 +1354,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc
 
         len++;
         a = fgetc( file);
-        if(a==EOF) return 0; /* a = ' '; */
+        if(a==EOF) return 0; //a = ' ';
     }
 
     len += 1;
index c216e0000e7beaa020187e55d6666789ff0939de..474542d4d2d9d892a7895da186bfba647d89ca07 100644 (file)
@@ -13,7 +13,7 @@ helpnode "GNU TLS test server\nUsage: gnutls-serv [options]\n\n"
 option (d, debug) INT "integer" { $debug = $1 } "Enable debugging" 
 
 #int generate;
-option (g, generate) { $generate = 1 } "Generate Diffie-Hellman Parameters."
+option (g, generate) { $generate = 1 } "Generate Diffie-Hellman and RSA-EXPORT Parameters."
 
 #int port;
 option (p, port) INT "integer" { $port = $1 } "The port to connect to."