From: Nikos Mavrogiannopoulos Date: Wed, 1 Sep 2010 16:56:54 +0000 (+0200) Subject: When the %COMPAT flag is specified, larger records that would otherwise violate the... X-Git-Tag: gnutls_2_11_3~55 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9573ebb1c95e460c7afbd1016838411bd897fc6e;p=thirdparty%2Fgnutls.git When the %COMPAT flag is specified, larger records that would otherwise violate the TLS spec, are accepted. --- diff --git a/NEWS b/NEWS index 3009b73181..fc7dd472fb 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,9 @@ See the end for copying conditions. * Version 2.11.1 (unreleased) +** libgnutls: The %COMPAT flag now allows larger records that violate the +TLS spec. + ** libgnutls: by default lowat level has been set to zero to avoid unnecessary system calls. Applications that depended on it being 1 should explicitly call gnutls_transport_set_lowat(). diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 6d3ef8aed5..2d3767896a 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -433,6 +433,7 @@ struct gnutls_priority_st /* to disable record padding */ int no_padding:1; + int allow_large_records:1; safe_renegotiation_t sr; int ssl3_record_version; int additional_verify_flags; diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 5f1045bf17..45b6a08998 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -713,9 +713,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, } else if (broken_list[i][0] == '%') { - if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) + if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) { (*priority_cache)->no_padding = 1; - else if (strcasecmp (&broken_list[i][1], + (*priority_cache)->allow_large_records = 1; + } else if (strcasecmp (&broken_list[i][1], "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) { prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index ba5564ae0d..4faa3ac6c6 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -798,7 +798,8 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp) { size_t max_record_size; - if (gnutls_compression_get (session) != GNUTLS_COMP_NULL) + if (gnutls_compression_get (session) != GNUTLS_COMP_NULL || + session->internals.priorities.allow_large_records != 0) max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE; else max_record_size = MAX_RECORD_RECV_SIZE;