* Version 2.9.11 (unreleased)
+** Removed two APIs related to safe renegotiation.
+Use priority strings instead. The APIs were
+gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set.
+(Remember that we don't promise ABI stability during development
+series, so this doesn't cause an shared library ABI increment.)
+
** API and ABI modifications:
-No changes since last version.
+gnutls_safe_negotiation_set_initial: REMOVED.
+gnutls_safe_renegotiation_set: REMOVED.
* Version 2.9.10 (released 2010-04-22)
`%DISABLE_SAFE_RENEGOTIATION' priority string however this is
recommended against except for debugging.
-For applications we have introduced three new APIs related to safe
+For applications we have introduced a new API related to safe
renegotiation. The gnutls_safe_renegotiation_status function is used
to check if the extension has been negotiated on a session, and can be
-used both by clients and servers. The gnutls_safe_renegotiation_set
-function allows applications to request that the extension should be
-disabled (or re-enabled) in handshakes for the session. The
-gnutls_safe_negotiation_set_initial function is only relevant for
-servers, and is used to enforce that clients support the extension
-even on the initial handshake.
+used both by clients and servers.
API/ABI changes in GnuTLS 2.10
==============================
gnutls_hmac_get_len: ADDED.
gnutls_hmac_init: ADDED.
gnutls_hmac_output: ADDED.
-gnutls_safe_negotiation_set_initial: ADDED.
-gnutls_safe_renegotiation_set: ADDED.
gnutls_safe_renegotiation_status: ADDED.
gnutls_sign_algorithm_get_requested: ADDED.
completely by using the @code{%DISABLE_SAFE_RENEGOTIATION} priority
string however this is recommended against except for debugging.
-For applications we have introduced three new APIs related to safe
+For applications we have introduced a new API related to safe
renegotiation. The @ref{gnutls_safe_renegotiation_status} function is
used to check if the extension has been negotiated on a session, and
-can be used both by clients and servers. The
-@ref{gnutls_safe_renegotiation_set} function allows applications to
-request that the extension should be disabled (or re-enabled) in
-handshakes for the session. The
-@ref{gnutls_safe_negotiation_set_initial} function is only relevant
-for servers, and is used to enforce that clients support the extension
-even on the initial handshake.
+can be used both by clients and servers.
@node Authentication methods
@chapter Authentication Methods
APIMANS += gnutls_crypto_digest_register2.3
APIMANS += gnutls_oprfi_enable_client.3
APIMANS += gnutls_oprfi_enable_server.3
-APIMANS += gnutls_safe_negotiation_set_initial.3
-APIMANS += gnutls_safe_renegotiation_set.3
APIMANS += gnutls_safe_renegotiation_status.3
APIMANS += gnutls_server_name_get.3
APIMANS += gnutls_server_name_set.3
return 1 + data[0]; /* don't forget the length byte */
}
-/**
- * gnutls_safe_negotiation_set_initial:
- * @session: is a #gnutls_session_t structure.
- * @value: 0 to disable and 1 to enable
- *
- * Used to enable and disable initial safe renegotiation for the
- * current session. By default it is allowed for a client to not
- * advertise safe renegotiation capability but there might be cases
- * where signalling a client of its insecurity by rejecting session
- * might be beneficial. This option has meaning only in server side.
- *
- * Since: 2.10.0
- **/
-void
-gnutls_safe_negotiation_set_initial (gnutls_session_t session, int value)
-{
- session->internals.priorities.initial_safe_renegotiation = value;
-}
-
-/**
- * gnutls_safe_renegotiation_set:
- * @session: is a #gnutls_session_t structure.
- * @value: 0 to disable and 1 to enable
- *
- * Used to enable and disable safe renegotiation for the current
- * session. Normally you shouldn't cope with this function since the
- * default (enable) is sufficient, but there might be servers that
- * cannot handle or correctly handle the extension.
- *
- * Since: 2.10.0
- **/
-void
-gnutls_safe_renegotiation_set (gnutls_session_t session, int value)
-{
- session->internals.priorities.unsafe_renegotiation = 1 - value;
-}
-
/**
* gnutls_safe_renegotiation_status:
* @session: is a #gnutls_session_t structure.
unsigned int *type, unsigned int indx);
/* Safe renegotiation */
- void gnutls_safe_negotiation_set_initial (gnutls_session_t session,
- int value);
-
- void gnutls_safe_renegotiation_set (gnutls_session_t session, int value);
-
int gnutls_safe_renegotiation_status (gnutls_session_t session);
/* Opaque PRF Input
gnutls_hmac_deinit;
gnutls_hmac_output;
gnutls_certificate_set_verify_function;
- gnutls_safe_negotiation_set_initial;
- gnutls_safe_renegotiation_set;
gnutls_safe_renegotiation_status;
} GNUTLS_2_8;
}
/* Check that this API does not affect anything after first
- handshake. */
- gnutls_safe_negotiation_set_initial (server, 0);
+ handshake.
+ gnutls_safe_negotiation_set_initial (server, 0); */
sret = gnutls_rehandshake (server);
if (debug_level > 0)
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = 1;
- /* Check that disabling the extension will break rehandshakes. */
- gnutls_safe_renegotiation_set (client, 0);
+ /* Check that disabling the extension will break rehandshakes.
+ gnutls_safe_renegotiation_set (client, 0); */
sret = gnutls_rehandshake (server);
if (debug_level > 0)