This allows to warn when an incomplete set of priorities is specified.
Reported by Yaroslav Stavnichiy.
** certtool: --outder option now works for private
and public keys as well.
+** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET
+to warn when no or insufficient priorities were set.
+
** libgnutls: Corrected an alignment issue in ECDH
key generation which prevented some keys from being
correctly aligned in rare circumstances.
ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
- ERROR_ENTRY (N_("No priorities were setup."),
+ ERROR_ENTRY (N_("No or insufficient priorities were set."),
GNUTLS_E_NO_PRIORITIES_WERE_SET, 1),
ERROR_ENTRY (N_("The cipher type is unsupported."),
GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
session->internals.priorities.protocol.
priority[0]);
+ if (session->internals.priorities.protocol.algorithms == 0 ||
+ session->internals.priorities.cipher.algorithms == 0 ||
+ session->internals.priorities.mac.algorithms == 0 ||
+ session->internals.priorities.kx.algorithms == 0 ||
+ session->internals.priorities.compression.algorithms == 0)
+ return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+
return 0;
}
init_tls_session (const char *hostname)
{
const char *err;
+ int ret;
gnutls_session_t session;
gnutls_init (&session, GNUTLS_CLIENT);
- if (gnutls_priority_set_direct (session, info.priorities, &err) < 0)
+ if ((ret = gnutls_priority_set_direct (session, info.priorities, &err)) < 0)
{
- fprintf (stderr, "Syntax error at: %s\n", err);
+ if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: %s\n", err);
+ else
+ fprintf(stderr, "Error in priorities: %s\n", gnutls_strerror(ret));
exit (1);
}