GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is
appended to the ciphertext, not prepended.
+** gnutls-cli: New option --starttls-name
+ Depending on deployment, application protocols such as XMPP may
+ require a different origin address than the external address to be
+ presented prior to STARTTLS negotiation. The --starttls-name can
+ be used to specify specify the addresses separately.
+
** API and ABI modifications:
gnutls_pubkey_import_dh_raw: New function
gnutls_privkey_import_dh_raw: New function
fclose(fp);
}
- socket_open3(hd, hostname, service, OPT_ARG(STARTTLS_PROTO),
- socket_flags, CONNECT_MSG, &rdata, &edata);
+ socket_open_int(hd, hostname, service, OPT_ARG(STARTTLS_PROTO),
+ OPT_ARG(STARTTLS_NAME), socket_flags, CONNECT_MSG,
+ &rdata, &edata, NULL, NULL);
log_msg(stdout, "- Resume Handshake was completed\n");
if (gnutls_session_is_resumed(hd->session) != 0)
client_fp = fopen(OPT_ARG(SAVE_CLIENT_TRACE), "wb");
}
- socket_open2(&hd, hostname, service, OPT_ARG(STARTTLS_PROTO),
- socket_flags, CONNECT_MSG, NULL, NULL, server_fp,
- client_fp);
+ socket_open_int(&hd, hostname, service, OPT_ARG(STARTTLS_PROTO),
+ OPT_ARG(STARTTLS_NAME), socket_flags, CONNECT_MSG, NULL,
+ NULL, server_fp, client_fp);
hd.verbose = verbose;
],
"argument-type": "string"
},
+ {
+ "long-option": "starttls-name",
+ "description": "The hostname presented to the application protocol for STARTTLS (for smtp, xmpp, lmtp)",
+ "detail": "Specify the hostname presented to the application protocol for STARTTLS.",
+ "requires": [
+ "starttls-proto"
+ ],
+ "conflicts": [
+ "starttls"
+ ],
+ "argument-type": "string"
+ },
{
"long-option": "udp",
"short-option": "u",
log_msg(stdout, "Negotiating SMTP STARTTLS\n");
wait_for_text(socket, "220 ", 4);
- snprintf(buf, sizeof(buf), "EHLO %s\r\n", socket->hostname);
+ snprintf(buf, sizeof(buf), "EHLO %s\r\n",
+ socket->app_hostname ? socket->app_hostname :
+ socket->hostname);
send_line(socket, buf);
wait_for_text(socket, "250 ", 4);
send_line(socket, "STARTTLS\r\n");
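Review bot: The `--starttls-name` value is formatted unescaped into the EHLO line here, and likewise into the LHLO line and the XML `to='%s'` attribute in the following two hunks, so a value containing CR, LF, whitespace or a quote yields a malformed protocol exchange instead of an error, and an over-long value is silently truncated by snprintf, which drops the trailing `\r\n` and leaves the subsequent `wait_for_text` waiting for a reply that never comes. The value is operator-supplied, so this is a robustness issue rather than a trust-boundary one, but one validation of the option argument at parse time would cover all three sites; at minimum check the snprintf result, `int ret = snprintf(buf, sizeof(buf), "EHLO %s\r\n", ...);` followed by `if (ret < 0 || (size_t)ret >= sizeof(buf)) { /* treat as error */ }`, in each of the three hunks. The enclosing function starts and ends outside this hunk and the declaration of `buf` is not visible, so its size cannot be confirmed from here.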
snprintf(
buf, sizeof(buf),
"<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='%s' version='1.0'>\n",
- socket->hostname);
+ socket->app_hostname ? socket->app_hostname :
+ socket->hostname);
send_line(socket, buf);
wait_for_text(socket, "<?", 2);
send_line(
log_msg(stdout, "Negotiating LMTP STARTTLS\n");
wait_for_text(socket, "220 ", 4);
- snprintf(buf, sizeof(buf), "LHLO %s\r\n", socket->hostname);
+ snprintf(buf, sizeof(buf), "LHLO %s\r\n",
+ socket->app_hostname ? socket->app_hostname :
+ socket->hostname);
send_line(socket, buf);
wait_for_text(socket, "250 ", 4);
send_line(socket, "STARTTLS\r\n");
ms);
}
-void socket_open2(socket_st *hd, const char *hostname, const char *service,
- const char *app_proto, int flags, const char *msg,
- gnutls_datum_t *rdata, gnutls_datum_t *edata,
- FILE *server_trace, FILE *client_trace)
+void socket_open_int(socket_st *hd, const char *hostname, const char *service,
+ const char *app_proto, const char *app_hostname, int flags,
+ const char *msg, gnutls_datum_t *rdata,
+ gnutls_datum_t *edata, FILE *server_trace,
+ FILE *client_trace)
{
struct addrinfo hints, *res, *ptr;
int sd, err = 0;
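Review bot: The new `app_hostname` parameter of `socket_open_int` is undocumented, and its contract is only discoverable from the STARTTLS branches elsewhere in socket.c: it may be NULL, in which case `hostname` is used for the application-protocol exchange, and it only matters when `flags` includes SOCKET_FLAG_STARTTLS. A header comment above the definition (mirrored on the prototype in socket.h) should say so, e.g. `/* app_hostname: name announced to the application protocol before STARTTLS; NULL means use hostname. Only consulted when flags & SOCKET_FLAG_STARTTLS. */`. The body of socket_open_int continues past the end of this hunk, so the later handling of the parameter is reviewed in its own hunk.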
hd->fd = sd;
if (flags & SOCKET_FLAG_STARTTLS) {
hd->app_proto = app_proto;
+ hd->app_hostname = app_hostname;
socket_starttls(hd);
hd->app_proto = NULL;
}
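Review bot: `hd->app_hostname` is assigned next to `hd->app_proto` before `socket_starttls(hd)` but, unlike `hd->app_proto`, is not cleared afterwards, so the pointer to the option argument stays in the socket_st after the STARTTLS exchange has finished. Nothing in the hunk reads it later, so for symmetry add `hd->app_hostname = NULL;` beside `hd->app_proto = NULL;`. When SOCKET_FLAG_STARTTLS is not set the field is never assigned here; whether `*hd` is zero-filled earlier in socket_open_int is outside the hunk and should be confirmed, since otherwise the field is left uninitialised for non-STARTTLS sockets.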
int secure;
char *hostname;
const char *app_proto;
+ const char *app_hostname;
char *ip;
char *service;
struct addrinfo *ptr;
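Review bot: The new `app_hostname` member is undocumented, and its relationship to the neighbouring `hostname` field (it is used in place of `hostname` only for the pre-STARTTLS application-protocol exchange, and NULL means fall back to `hostname`) can only be learned by reading socket.c. A trailing comment is enough: `const char *app_hostname; /* name announced in the STARTTLS application exchange; NULL = use hostname */`. It would also help to note that the pointer is borrowed from the caller (the socket_open_int hunk stores the parameter directly without copying), so its lifetime must cover the STARTTLS exchange.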
int buffer_size);
ssize_t socket_send_range(const socket_st *socket, const void *buffer,
int buffer_size, gnutls_range_st *range);
-void socket_open2(socket_st *hd, const char *hostname, const char *service,
- const char *app_proto, int flags, const char *msg,
- gnutls_datum_t *rdata, gnutls_datum_t *edata,
- FILE *server_trace, FILE *client_trace);
+void socket_open_int(socket_st *hd, const char *hostname, const char *service,
+ const char *app_proto, const char *app_hostname, int flags,
+ const char *msg, gnutls_datum_t *rdata,
+ gnutls_datum_t *edata, FILE *server_trace,
+ FILE *client_trace);
-#define socket_open(hd, host, service, app_proto, flags, msg, rdata) \
- socket_open2(hd, host, service, app_proto, flags, msg, rdata, NULL, \
- NULL, NULL)
+#define socket_open(hd, host, service, app_proto, flags, msg, rdata) \
+ socket_open_int(hd, host, service, app_proto, NULL, flags, msg, rdata, \
+ NULL, NULL, NULL)
-#define socket_open3(hd, host, service, app_proto, flags, msg, rdata, edata) \
- socket_open2(hd, host, service, app_proto, flags, msg, rdata, edata, \
- NULL, NULL)
+#define socket_open2(hd, host, service, app_proto, flags, msg, rdata, edata, \
+ server_trace, client_trace) \
+ socket_open_int(hd, host, service, app_proto, NULL, flags, msg, rdata, \
+ edata, server_trace, client_trace)
void socket_bye(socket_st *socket, unsigned polite);
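Review bot: `socket_open2` changes here from an exported function into a function-like macro with the same ten arguments while `socket_open3` is removed, so any translation unit outside this diff that still calls `socket_open3` or takes the address of `socket_open2` will no longer build; I cannot see other callers from this hunk, so this is a point to check rather than a defect claim. Since every macro expands to `socket_open_int` with `NULL` for `app_hostname`, the prototype is where readers need the contract for that parameter: add above the `socket_open_int` declaration `/* app_hostname: hostname used in the STARTTLS application-protocol exchange; NULL selects hostname. Only consulted when flags & SOCKET_FLAG_STARTTLS. */`. The header hunk may continue past the last line visible here.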