* Version 3.3.2 (unreleased)
+** libgnutls: Added the 'very weak' certificate verification profile
+that corresponds to 64-bit security level.
+
** libgnutls: Corrected file descriptor leak on random generator
initialization.
** certtool: Allow exporting a CRL on DER format.
** API and ABI modifications:
-No changes since last version.
+GNUTLS_PROFILE_VERY_WEAK: Added
* Version 3.3.1 (released 2014-04-19)
@tab @code{INSECURE}
@tab Considered to be insecure
+@item 64
+@tab 768
+@tab 128
+@tab @code{VERY WEAK}
+@tab Short term protection against individuals
+
@item 72
@tab 1008
@tab 160
{
c->additional_verify_flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS;
}
+static void enable_profile_very_weak(gnutls_priority_t c)
+{
+ c->additional_verify_flags &= 0x00ffffff;
+ c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_VERY_WEAK);
+ c->level = GNUTLS_SEC_PARAM_VERY_WEAK;
+}
static void enable_profile_low(gnutls_priority_t c)
{
c->additional_verify_flags &= 0x00ffffff;
/**
* gnutls_certificate_verification_profiles_t:
+ * @GNUTLS_PROFILE_VERY_WEAK: A verification profile that
+ * corresponds to @GNUTLS_SEC_PARAM_VERY_WEAK (64 bits)
* @GNUTLS_PROFILE_LOW: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_LOW (80 bits)
* @GNUTLS_PROFILE_LEGACY: A verification profile that
* Enumeration of different certificate verification profiles.
*/
typedef enum gnutls_certificate_verification_profiles_t {
+ GNUTLS_PROFILE_VERY_WEAK = 1,
GNUTLS_PROFILE_LOW = 2,
GNUTLS_PROFILE_LEGACY = 4,
GNUTLS_PROFILE_MEDIUM = 5,
DISABLE_SAFE_RENEGOTIATION, disable_safe_renegotiation
DISABLE_WILDCARDS, disable_wildcards
SERVER_PRECEDENCE, enable_server_precedence
+PROFILE_VERY_WEAK, enable_profile_very_weak
PROFILE_LOW, enable_profile_low
PROFILE_LEGACY, enable_profile_legacy
PROFILE_MEDIUM, enable_profile_medium
return gnutls_assert_val(0);
switch (profile) {
+ CASE_SEC_PARAM(GNUTLS_PROFILE_VERY_WEAK, GNUTLS_SEC_PARAM_VERY_WEAK);
CASE_SEC_PARAM(GNUTLS_PROFILE_LOW, GNUTLS_SEC_PARAM_LOW);
CASE_SEC_PARAM(GNUTLS_PROFILE_LEGACY, GNUTLS_SEC_PARAM_LEGACY);
CASE_SEC_PARAM(GNUTLS_PROFILE_MEDIUM, GNUTLS_SEC_PARAM_MEDIUM);