]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
When the %COMPAT flag is specified, larger records that would otherwise violate the...
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 1 Sep 2010 16:56:54 +0000 (18:56 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 1 Sep 2010 16:56:54 +0000 (18:56 +0200)
NEWS
lib/gnutls_int.h
lib/gnutls_priority.c
lib/gnutls_record.c

diff --git a/NEWS b/NEWS
index 3009b73181af5273dec6e175ad60539b416e5d6a..fc7dd472fbe3228163e83f5e38752b89b76268f7 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
 
 * Version 2.11.1 (unreleased)
 
+** libgnutls: The %COMPAT flag now allows larger records that violate the
+TLS spec.
+
 ** libgnutls: by default lowat level has been set to zero to avoid unnecessary
 system calls. Applications that depended on it being 1 should explicitly call
 gnutls_transport_set_lowat().
index 6d3ef8aed539c058e726a8ae81a0874cc4bfd29e..2d3767896a00525c06d18759ec8e617e3b153358 100644 (file)
@@ -433,6 +433,7 @@ struct gnutls_priority_st
 
   /* to disable record padding */
   int no_padding:1;
+  int allow_large_records:1;
   safe_renegotiation_t sr;
   int ssl3_record_version;
   int additional_verify_flags;
index 5f1045bf17a253b81674cb1d2e104e90b7cd111f..45b6a08998ece75109ee85d0688b83a48b7dec33 100644 (file)
@@ -713,9 +713,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
        }
       else if (broken_list[i][0] == '%')
        {
-         if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
+         if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) {
            (*priority_cache)->no_padding = 1;
-         else if (strcasecmp (&broken_list[i][1],
+           (*priority_cache)->allow_large_records = 1;
+         } else if (strcasecmp (&broken_list[i][1],
                               "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
            {
              prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5);
index ba5564ae0d648f6c97e74d6c2ca4fb8d4d4cd27b..4faa3ac6c65a68eab9d15a3182b4c0c8782831f6 100644 (file)
@@ -798,7 +798,8 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp)
 {
   size_t max_record_size;
 
-  if (gnutls_compression_get (session) != GNUTLS_COMP_NULL)
+  if (gnutls_compression_get (session) != GNUTLS_COMP_NULL ||
+      session->internals.priorities.allow_large_records != 0)
     max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE;
   else
     max_record_size = MAX_RECORD_RECV_SIZE;