From: Simon Josefsson Date: Fri, 21 May 2010 07:39:08 +0000 (+0200) Subject: Remove gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set. X-Git-Tag: gnutls_2_9_11~50 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bef37bc1f17c833f8a21c2bebd39baaa343b20d3;p=thirdparty%2Fgnutls.git Remove gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set. --- diff --git a/NEWS b/NEWS index 5aa687d3cb..9514582860 100644 --- a/NEWS +++ b/NEWS @@ -5,8 +5,15 @@ See the end for copying conditions. * Version 2.9.11 (unreleased) +** Removed two APIs related to safe renegotiation. +Use priority strings instead. The APIs were +gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set. +(Remember that we don't promise ABI stability during development +series, so this doesn't cause an shared library ABI increment.) + ** API and ABI modifications: -No changes since last version. +gnutls_safe_negotiation_set_initial: REMOVED. +gnutls_safe_renegotiation_set: REMOVED. * Version 2.9.10 (released 2010-04-22) diff --git a/doc/announce.txt b/doc/announce.txt index 5eaf504799..eba909e29f 100644 --- a/doc/announce.txt +++ b/doc/announce.txt @@ -312,15 +312,10 @@ is possible to disable use of the extension completely by using the `%DISABLE_SAFE_RENEGOTIATION' priority string however this is recommended against except for debugging. -For applications we have introduced three new APIs related to safe +For applications we have introduced a new API related to safe renegotiation. The gnutls_safe_renegotiation_status function is used to check if the extension has been negotiated on a session, and can be -used both by clients and servers. The gnutls_safe_renegotiation_set -function allows applications to request that the extension should be -disabled (or re-enabled) in handshakes for the session. The -gnutls_safe_negotiation_set_initial function is only relevant for -servers, and is used to enforce that clients support the extension -even on the initial handshake. +used both by clients and servers. API/ABI changes in GnuTLS 2.10 ============================== @@ -349,8 +344,6 @@ gnutls_hmac_fast: ADDED. gnutls_hmac_get_len: ADDED. gnutls_hmac_init: ADDED. gnutls_hmac_output: ADDED. -gnutls_safe_negotiation_set_initial: ADDED. -gnutls_safe_renegotiation_set: ADDED. gnutls_safe_renegotiation_status: ADDED. gnutls_sign_algorithm_get_requested: ADDED. diff --git a/doc/gnutls.texi b/doc/gnutls.texi index 17483067a4..cf6185ec40 100644 --- a/doc/gnutls.texi +++ b/doc/gnutls.texi @@ -1289,16 +1289,10 @@ priority string. It is possible to disable use of the extension completely by using the @code{%DISABLE_SAFE_RENEGOTIATION} priority string however this is recommended against except for debugging. -For applications we have introduced three new APIs related to safe +For applications we have introduced a new API related to safe renegotiation. The @ref{gnutls_safe_renegotiation_status} function is used to check if the extension has been negotiated on a session, and -can be used both by clients and servers. The -@ref{gnutls_safe_renegotiation_set} function allows applications to -request that the extension should be disabled (or re-enabled) in -handshakes for the session. The -@ref{gnutls_safe_negotiation_set_initial} function is only relevant -for servers, and is used to enforce that clients support the extension -even on the initial handshake. +can be used both by clients and servers. @node Authentication methods @chapter Authentication Methods diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index 655e2d880f..36d92db4a6 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -55,8 +55,6 @@ APIMANS += gnutls_crypto_mac_register2.3 APIMANS += gnutls_crypto_digest_register2.3 APIMANS += gnutls_oprfi_enable_client.3 APIMANS += gnutls_oprfi_enable_server.3 -APIMANS += gnutls_safe_negotiation_set_initial.3 -APIMANS += gnutls_safe_renegotiation_set.3 APIMANS += gnutls_safe_renegotiation_status.3 APIMANS += gnutls_server_name_get.3 APIMANS += gnutls_server_name_set.3 diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c index da1a4f61b2..15b9137817 100644 --- a/lib/ext_safe_renegotiation.c +++ b/lib/ext_safe_renegotiation.c @@ -117,43 +117,6 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t session, return 1 + data[0]; /* don't forget the length byte */ } -/** - * gnutls_safe_negotiation_set_initial: - * @session: is a #gnutls_session_t structure. - * @value: 0 to disable and 1 to enable - * - * Used to enable and disable initial safe renegotiation for the - * current session. By default it is allowed for a client to not - * advertise safe renegotiation capability but there might be cases - * where signalling a client of its insecurity by rejecting session - * might be beneficial. This option has meaning only in server side. - * - * Since: 2.10.0 - **/ -void -gnutls_safe_negotiation_set_initial (gnutls_session_t session, int value) -{ - session->internals.priorities.initial_safe_renegotiation = value; -} - -/** - * gnutls_safe_renegotiation_set: - * @session: is a #gnutls_session_t structure. - * @value: 0 to disable and 1 to enable - * - * Used to enable and disable safe renegotiation for the current - * session. Normally you shouldn't cope with this function since the - * default (enable) is sufficient, but there might be servers that - * cannot handle or correctly handle the extension. - * - * Since: 2.10.0 - **/ -void -gnutls_safe_renegotiation_set (gnutls_session_t session, int value) -{ - session->internals.priorities.unsafe_renegotiation = 1 - value; -} - /** * gnutls_safe_renegotiation_status: * @session: is a #gnutls_session_t structure. diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 8f19802b38..56ff192e58 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -812,11 +812,6 @@ extern "C" unsigned int *type, unsigned int indx); /* Safe renegotiation */ - void gnutls_safe_negotiation_set_initial (gnutls_session_t session, - int value); - - void gnutls_safe_renegotiation_set (gnutls_session_t session, int value); - int gnutls_safe_renegotiation_status (gnutls_session_t session); /* Opaque PRF Input diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 5dfc75d884..4d16557f15 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -599,8 +599,6 @@ GNUTLS_2_10 gnutls_hmac_deinit; gnutls_hmac_output; gnutls_certificate_set_verify_function; - gnutls_safe_negotiation_set_initial; - gnutls_safe_renegotiation_set; gnutls_safe_renegotiation_status; } GNUTLS_2_8; diff --git a/tests/safe-renegotiation/srn2.c b/tests/safe-renegotiation/srn2.c index 0f4041f86e..e9ac540454 100644 --- a/tests/safe-renegotiation/srn2.c +++ b/tests/safe-renegotiation/srn2.c @@ -312,8 +312,8 @@ main (int argc, char *argv[]) } /* Check that this API does not affect anything after first - handshake. */ - gnutls_safe_negotiation_set_initial (server, 0); + handshake. + gnutls_safe_negotiation_set_initial (server, 0); */ sret = gnutls_rehandshake (server); if (debug_level > 0) @@ -371,8 +371,8 @@ main (int argc, char *argv[]) if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; - /* Check that disabling the extension will break rehandshakes. */ - gnutls_safe_renegotiation_set (client, 0); + /* Check that disabling the extension will break rehandshakes. + gnutls_safe_renegotiation_set (client, 0); */ sret = gnutls_rehandshake (server); if (debug_level > 0)