* Version 2.11.1 (unreleased)
+** libgnutls: The %COMPAT flag now allows larger records that violate the
+TLS spec.
+
** libgnutls: by default lowat level has been set to zero to avoid unnecessary
system calls. Applications that depended on it being 1 should explicitly call
gnutls_transport_set_lowat().
/* to disable record padding */
int no_padding:1;
+ int allow_large_records:1;
safe_renegotiation_t sr;
int ssl3_record_version;
int additional_verify_flags;
}
else if (broken_list[i][0] == '%')
{
- if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
+ if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) {
(*priority_cache)->no_padding = 1;
- else if (strcasecmp (&broken_list[i][1],
+ (*priority_cache)->allow_large_records = 1;
+ } else if (strcasecmp (&broken_list[i][1],
"VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
{
prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5);
{
size_t max_record_size;
- if (gnutls_compression_get (session) != GNUTLS_COMP_NULL)
+ if (gnutls_compression_get (session) != GNUTLS_COMP_NULL ||
+ session->internals.priorities.allow_large_records != 0)
max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE;
else
max_record_size = MAX_RECORD_RECV_SIZE;