From: Nikos Mavrogiannopoulos Date: Wed, 18 Jan 2012 18:57:45 +0000 (+0100) Subject: GNUTLS_E_NO_PRIORITIES_WERE_SET is also returned by gnutls_priority_set_* X-Git-Tag: gnutls-3_0_12~12 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4dcb8057054b748d3affff99323bb9d42a88c64e;p=thirdparty%2Fgnutls.git GNUTLS_E_NO_PRIORITIES_WERE_SET is also returned by gnutls_priority_set_* This allows to warn when an incomplete set of priorities is specified. Reported by Yaroslav Stavnichiy. --- diff --git a/NEWS b/NEWS index 1373bcf06b..76fa241f7a 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,9 @@ See the end for copying conditions. ** certtool: --outder option now works for private and public keys as well. +** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET +to warn when no or insufficient priorities were set. + ** libgnutls: Corrected an alignment issue in ECDH key generation which prevented some keys from being correctly aligned in rare circumstances. diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index e1def739cb..d228cc35f6 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -51,7 +51,7 @@ static const gnutls_error_entry error_algorithms[] = { ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0), ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."), GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1), - ERROR_ENTRY (N_("No priorities were setup."), + ERROR_ENTRY (N_("No or insufficient priorities were set."), GNUTLS_E_NO_PRIORITIES_WERE_SET, 1), ERROR_ENTRY (N_("The cipher type is unsupported."), GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1), diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 1c2964eeb7..29fc363c7b 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -576,6 +576,13 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) session->internals.priorities.protocol. priority[0]); + if (session->internals.priorities.protocol.algorithms == 0 || + session->internals.priorities.cipher.algorithms == 0 || + session->internals.priorities.mac.algorithms == 0 || + session->internals.priorities.kx.algorithms == 0 || + session->internals.priorities.compression.algorithms == 0) + return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET); + return 0; } diff --git a/src/cli.c b/src/cli.c index bde68eb7ad..722f85f660 100644 --- a/src/cli.c +++ b/src/cli.c @@ -545,6 +545,7 @@ static gnutls_session_t init_tls_session (const char *hostname) { const char *err; + int ret; gnutls_session_t session; @@ -558,9 +559,11 @@ init_tls_session (const char *hostname) gnutls_init (&session, GNUTLS_CLIENT); - if (gnutls_priority_set_direct (session, info.priorities, &err) < 0) + if ((ret = gnutls_priority_set_direct (session, info.priorities, &err)) < 0) { - fprintf (stderr, "Syntax error at: %s\n", err); + if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: %s\n", err); + else + fprintf(stderr, "Error in priorities: %s\n", gnutls_strerror(ret)); exit (1); }