]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Remove gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set.
authorSimon Josefsson <simon@josefsson.org>
Fri, 21 May 2010 07:39:08 +0000 (09:39 +0200)
committerSimon Josefsson <simon@josefsson.org>
Fri, 21 May 2010 11:56:36 +0000 (13:56 +0200)
NEWS
doc/announce.txt
doc/gnutls.texi
doc/manpages/Makefile.am
lib/ext_safe_renegotiation.c
lib/includes/gnutls/gnutls.h.in
lib/libgnutls.map
tests/safe-renegotiation/srn2.c

diff --git a/NEWS b/NEWS
index 5aa687d3cb4f11d36ed7cb13cc286c80f0583f4e..951458286009804b3737a9170fdcc8edcb6df0c4 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,8 +5,15 @@ See the end for copying conditions.
 
 * Version 2.9.11 (unreleased)
 
+** Removed two APIs related to safe renegotiation.
+Use priority strings instead.  The APIs were
+gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set.
+(Remember that we don't promise ABI stability during development
+series, so this doesn't cause an shared library ABI increment.)
+
 ** API and ABI modifications:
-No changes since last version.
+gnutls_safe_negotiation_set_initial: REMOVED.
+gnutls_safe_renegotiation_set: REMOVED.
 
 * Version 2.9.10 (released 2010-04-22)
 
index 5eaf5047992affb26f0114f8530ac2c60d361442..eba909e29fb72806725409bc3e5dc59739830536 100644 (file)
@@ -312,15 +312,10 @@ is possible to disable use of the extension completely by using the
 `%DISABLE_SAFE_RENEGOTIATION' priority string however this is
 recommended against except for debugging.
 
-For applications we have introduced three new APIs related to safe
+For applications we have introduced a new API related to safe
 renegotiation.  The gnutls_safe_renegotiation_status function is used
 to check if the extension has been negotiated on a session, and can be
-used both by clients and servers.  The gnutls_safe_renegotiation_set
-function allows applications to request that the extension should be
-disabled (or re-enabled) in handshakes for the session.  The
-gnutls_safe_negotiation_set_initial function is only relevant for
-servers, and is used to enforce that clients support the extension
-even on the initial handshake.
+used both by clients and servers.
 
 API/ABI changes in GnuTLS 2.10
 ==============================
@@ -349,8 +344,6 @@ gnutls_hmac_fast: ADDED.
 gnutls_hmac_get_len: ADDED.
 gnutls_hmac_init: ADDED.
 gnutls_hmac_output: ADDED.
-gnutls_safe_negotiation_set_initial: ADDED.
-gnutls_safe_renegotiation_set: ADDED.
 gnutls_safe_renegotiation_status: ADDED.
 gnutls_sign_algorithm_get_requested: ADDED.
 
index 17483067a4c7b0a15d9656d507e23cadad14849f..cf6185ec40fbed3ae8f554df4a1d4d7b4a441369 100644 (file)
@@ -1289,16 +1289,10 @@ priority string.  It is possible to disable use of the extension
 completely by using the @code{%DISABLE_SAFE_RENEGOTIATION} priority
 string however this is recommended against except for debugging.
 
-For applications we have introduced three new APIs related to safe
+For applications we have introduced a new API related to safe
 renegotiation.  The @ref{gnutls_safe_renegotiation_status} function is
 used to check if the extension has been negotiated on a session, and
-can be used both by clients and servers.  The
-@ref{gnutls_safe_renegotiation_set} function allows applications to
-request that the extension should be disabled (or re-enabled) in
-handshakes for the session.  The
-@ref{gnutls_safe_negotiation_set_initial} function is only relevant
-for servers, and is used to enforce that clients support the extension
-even on the initial handshake.
+can be used both by clients and servers.
 
 @node Authentication methods
 @chapter Authentication Methods
index 655e2d880ff6eadae4c1cd8746ef632fa4f0aeb5..36d92db4a62a2ecc67068aeea4f9ea7a25e5b6e7 100644 (file)
@@ -55,8 +55,6 @@ APIMANS += gnutls_crypto_mac_register2.3
 APIMANS += gnutls_crypto_digest_register2.3
 APIMANS += gnutls_oprfi_enable_client.3
 APIMANS += gnutls_oprfi_enable_server.3
-APIMANS += gnutls_safe_negotiation_set_initial.3
-APIMANS += gnutls_safe_renegotiation_set.3
 APIMANS += gnutls_safe_renegotiation_status.3
 APIMANS += gnutls_server_name_get.3
 APIMANS += gnutls_server_name_set.3
index da1a4f61b2af5ad2ef7f1301eebb2fb014db2196..15b9137817e40b200509082f6fc3057a564de3b3 100644 (file)
@@ -117,43 +117,6 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t session,
   return 1 + data[0];          /* don't forget the length byte */
 }
 
-/**
- * gnutls_safe_negotiation_set_initial:
- * @session: is a #gnutls_session_t structure.
- * @value: 0 to disable and 1 to enable
- *
- * Used to enable and disable initial safe renegotiation for the
- * current session. By default it is allowed for a client to not
- * advertise safe renegotiation capability but there might be cases
- * where signalling a client of its insecurity by rejecting session
- * might be beneficial.  This option has meaning only in server side.
- *
- * Since: 2.10.0
- **/
-void
-gnutls_safe_negotiation_set_initial (gnutls_session_t session, int value)
-{
-  session->internals.priorities.initial_safe_renegotiation = value;
-}
-
-/**
- * gnutls_safe_renegotiation_set:
- * @session: is a #gnutls_session_t structure.
- * @value: 0 to disable and 1 to enable
- *
- * Used to enable and disable safe renegotiation for the current
- * session. Normally you shouldn't cope with this function since the
- * default (enable) is sufficient, but there might be servers that
- * cannot handle or correctly handle the extension.
- *
- * Since: 2.10.0
- **/
-void
-gnutls_safe_renegotiation_set (gnutls_session_t session, int value)
-{
-  session->internals.priorities.unsafe_renegotiation = 1 - value;
-}
-
 /**
  * gnutls_safe_renegotiation_status:
  * @session: is a #gnutls_session_t structure.
index 8f19802b38427b40fba89e4aece37072d928edd6..56ff192e584798865c6a3027eed0387bc60270b6 100644 (file)
@@ -812,11 +812,6 @@ extern "C"
                              unsigned int *type, unsigned int indx);
 
   /* Safe renegotiation */
-  void gnutls_safe_negotiation_set_initial (gnutls_session_t session,
-                                           int value);
-
-  void gnutls_safe_renegotiation_set (gnutls_session_t session, int value);
-
   int gnutls_safe_renegotiation_status (gnutls_session_t session);
 
   /* Opaque PRF Input
index 5dfc75d8848dbe61a6ce47899dff4b0be3b63b87..4d16557f1572028f6667b7e02b256404567af553 100644 (file)
@@ -599,8 +599,6 @@ GNUTLS_2_10
     gnutls_hmac_deinit;
     gnutls_hmac_output;
     gnutls_certificate_set_verify_function;
-    gnutls_safe_negotiation_set_initial;
-    gnutls_safe_renegotiation_set;
     gnutls_safe_renegotiation_status;
 } GNUTLS_2_8;
 
index 0f4041f86eeb90a167c61f95f006a06130eadd60..e9ac540454347a193e0c386e9bb29a821d52cb18 100644 (file)
@@ -312,8 +312,8 @@ main (int argc, char *argv[])
     }
 
   /* Check that this API does not affect anything after first
-     handshake. */
-  gnutls_safe_negotiation_set_initial (server, 0);
+     handshake.
+  gnutls_safe_negotiation_set_initial (server, 0); */
 
   sret = gnutls_rehandshake (server);
   if (debug_level > 0)
@@ -371,8 +371,8 @@ main (int argc, char *argv[])
   if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
     exit_code = 1;
 
-  /* Check that disabling the extension will break rehandshakes. */
-  gnutls_safe_renegotiation_set (client, 0);
+  /* Check that disabling the extension will break rehandshakes.
+     gnutls_safe_renegotiation_set (client, 0); */
 
   sret = gnutls_rehandshake (server);
   if (debug_level > 0)