Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavroyanopoulos
See the end for copying conditions.
+* Version 2.0.3 (unreleased)
+
+** This version backports several fixes from the 2.1.x branch.
+
+** Fixed PKCS #3 parameter export.
+
+** Added gnutls_record_disable_padding() to allow servers talking to
+buggy clients that complain if the TLS 1.0 record protocol padding is
+used.
+
+** Introduced gnutls_session_enable_compatibility_mode() to allow enabling
+all supported compatibility options (like disabling padding).
+
+** Corrected bug which did not allow a server to run without supporting
+certificates.
+
+** API and ABI modifications:
+gnutls_session_enable_compatibility_mode: ADDED
+gnutls_record_disable_padding: ADDED
+
* Version 2.0.2 (released 2007-10-17)
** TLS authorization support removed.
# Output a system dependent set of variables, describing how to set the
# run time search path of shared libraries in an executable.
#
-# Copyright 1996-2007 Free Software Foundation, Inc.
+# Copyright 1996-2006 Free Software Foundation, Inc.
# Taken from GNU libtool, 2001
# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
#
;;
esac
;;
- mingw* | cygwin* | pw32* | os2*)
+ mingw* | pw32* | os2*)
;;
hpux9* | hpux10* | hpux11*)
wl='-Wl,'
;;
newsos6)
;;
- linux* | k*bsd*-gnu)
+ linux*)
case $cc_basename in
icc* | ecc*)
wl='-Wl,'
osf3* | osf4* | osf5*)
wl='-Wl,'
;;
- rdos*)
+ sco3.2v5*)
;;
solaris*)
wl='-Wl,'
sunos4*)
wl='-Qoption ld '
;;
- sysv4 | sysv4.2uw2* | sysv4.3*)
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
wl='-Wl,'
;;
sysv4*MP*)
;;
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- wl='-Wl,'
- ;;
unicos*)
wl='-Wl,'
;;
ld_shlibs=no
fi
;;
- interix[3-9]*)
+ interix3*)
hardcode_direct=no
hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
;;
- gnu* | linux* | k*bsd*-gnu)
+ linux*)
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
:
else
strings "$collect2name" | grep resolve_lib_name >/dev/null
then
# We have reworked collect2
- :
+ hardcode_direct=yes
else
# We have old collect2
hardcode_direct=unsupported
hardcode_direct=yes
hardcode_minus_L=yes
;;
- freebsd* | dragonfly*)
+ freebsd* | kfreebsd*-gnu | dragonfly*)
hardcode_libdir_flag_spec='-R$libdir'
hardcode_direct=yes
;;
hardcode_libdir_separator=:
;;
openbsd*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct=yes
- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- else
- case "$host_os" in
- openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
- hardcode_libdir_flag_spec='-R$libdir'
- ;;
- *)
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- ;;
- esac
- fi
+ hardcode_direct=yes
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
else
- ld_shlibs=no
+ case "$host_os" in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
fi
;;
os2*)
ld_shlibs=yes
fi
;;
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
;;
sysv5* | sco3.2v5* | sco5v6*)
hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
# Check dynamic linker characteristics
# Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER.
-# Unlike libtool.m4, here we don't care about _all_ names of the library, but
-# only about the one the linker finds when passed -lNAME. This is the last
-# element of library_names_spec in libtool.m4, or possibly two of them if the
-# linker has special search rules.
-library_names_spec= # the last element of library_names_spec in libtool.m4
libname_spec='lib$name'
case "$host_os" in
aix3*)
- library_names_spec='$libname.a'
;;
aix4* | aix5*)
- library_names_spec='$libname$shrext'
;;
amigaos*)
- library_names_spec='$libname.a'
;;
beos*)
- library_names_spec='$libname$shrext'
;;
bsdi[45]*)
- library_names_spec='$libname$shrext'
;;
cygwin* | mingw* | pw32*)
shrext=.dll
- library_names_spec='$libname.dll.a $libname.lib'
;;
darwin* | rhapsody*)
shrext=.dylib
- library_names_spec='$libname$shrext'
;;
dgux*)
- library_names_spec='$libname$shrext'
;;
freebsd1*)
;;
+ kfreebsd*-gnu)
+ ;;
freebsd* | dragonfly*)
- case "$host_os" in
- freebsd[123]*)
- library_names_spec='$libname$shrext$versuffix' ;;
- *)
- library_names_spec='$libname$shrext' ;;
- esac
;;
gnu*)
- library_names_spec='$libname$shrext'
;;
hpux9* | hpux10* | hpux11*)
case $host_cpu in
shrext=.sl
;;
esac
- library_names_spec='$libname$shrext'
;;
- interix[3-9]*)
- library_names_spec='$libname$shrext'
+ interix3*)
;;
irix5* | irix6* | nonstopux*)
- library_names_spec='$libname$shrext'
case "$host_os" in
irix5* | nonstopux*)
libsuff= shlibsuff=
;;
linux*oldld* | linux*aout* | linux*coff*)
;;
- linux* | k*bsd*-gnu)
- library_names_spec='$libname$shrext'
+ linux*)
;;
knetbsd*-gnu)
- library_names_spec='$libname$shrext'
;;
netbsd*)
- library_names_spec='$libname$shrext'
;;
newsos6)
- library_names_spec='$libname$shrext'
;;
nto-qnx*)
- library_names_spec='$libname$shrext'
;;
openbsd*)
- library_names_spec='$libname$shrext$versuffix'
;;
os2*)
libname_spec='$name'
shrext=.dll
- library_names_spec='$libname.a'
;;
osf3* | osf4* | osf5*)
- library_names_spec='$libname$shrext'
- ;;
- rdos*)
;;
solaris*)
- library_names_spec='$libname$shrext'
;;
sunos4*)
- library_names_spec='$libname$shrext$versuffix'
;;
sysv4 | sysv4.3*)
- library_names_spec='$libname$shrext'
;;
sysv4*MP*)
- library_names_spec='$libname$shrext'
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- library_names_spec='$libname$shrext'
;;
uts4*)
- library_names_spec='$libname$shrext'
;;
esac
sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
-escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
-escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
# Shared library suffix (normally "so").
shlibext="$shlibext"
-# Format of library name prefix.
-libname_spec="$escaped_libname_spec"
-
-# Library names that the linker finds when passed -lNAME.
-library_names_spec="$escaped_library_names_spec"
-
# Flag to hardcode \$libdir into a binary during linking.
# This must work even if \$libdir does not exist.
hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
AC_PREREQ(2.61)
-AC_INIT([GnuTLS], [2.0.2], [bug-gnutls@gnu.org])
+AC_INIT([GnuTLS], [2.0.3], [bug-gnutls@gnu.org])
AC_CONFIG_AUX_DIR([build-aux])
AC_CANONICAL_TARGET
# Interfaces changed/added/removed: CURRENT++ REVISION=0
# Interfaces added: AGE++
# Interfaces removed: AGE=0
-AC_SUBST(LT_CURRENT, 21)
-AC_SUBST(LT_REVISION, 5)
-AC_SUBST(LT_AGE, 8)
+AC_SUBST(LT_CURRENT, 22)
+AC_SUBST(LT_REVISION, 6)
+AC_SUBST(LT_AGE, 9)
ac_full=1
# Used when creating the Windows libgnutls-XX.def files.
size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
+ void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
+ void gnutls_record_disable_padding (gnutls_session_t session);
+
/* the name of the specified algorithms */
const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
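Review bot: The two added prototypes carry a one-space leading indent while the surrounding declarations start at column 0, so they read as if they belong to a different block; dropping the space (`void gnutls_session_enable_compatibility_mode (gnutls_session_t session);`) keeps the header uniform. They are also placed between cipher-algorithm helpers, which is presumably arbitrary; grouping them with the other record/session-level functions would make the new API easier to find.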
opaque *p_data, *g_data;
opaque *all_data;
- _gnutls_mpi_print (NULL, &g_size, params->params[1]);
- _gnutls_mpi_print (NULL, &p_size, params->params[0]);
+ _gnutls_mpi_print_lz (NULL, &g_size, params->params[1]);
+ _gnutls_mpi_print_lz (NULL, &p_size, params->params[0]);
all_data = gnutls_malloc (g_size + p_size);
if (all_data == NULL)
p_data = &all_data[0];
g_data = &all_data[p_size];
- _gnutls_mpi_print (p_data, &p_size, params->params[0]);
- _gnutls_mpi_print (g_data, &g_size, params->params[1]);
+ _gnutls_mpi_print_lz (p_data, &p_size, params->params[0]);
+ _gnutls_mpi_print_lz (g_data, &g_size, params->params[1]);
/* Ok. Now we have the data. Create the asn1 structures
*/
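Review bot: The two write-out calls `_gnutls_mpi_print_lz (p_data, &p_size, ...)` and `_gnutls_mpi_print_lz (g_data, &g_size, ...)` discard their return value, so if the buffer sized by the earlier NULL-buffer pass in the preceding hunk turns out too small (the helper presumably signals that the same way `_gnutls_mpi_print` does), the failure goes unnoticed and whatever is in `all_data` is encoded into the PKCS #3 structure. Checking each call, e.g. `if (_gnutls_mpi_print_lz (p_data, &p_size, params->params[0]) < 0) { gnutls_assert (); goto cleanup; }` with a matching cleanup that frees `all_data`, would close that gap. The enclosing function begins before and ends after this hunk, so the exact error path to jump to is not visible here.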
int ret = 0;
cipher_suite_st *newSuite, cs;
int newSuiteSize = 0, i;
- gnutls_certificate_credentials_t x509_cred;
+ gnutls_certificate_credentials_t cert_cred;
gnutls_kx_algorithm_t kx;
int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- gnutls_kx_algorithm_t *alg;
- int alg_size;
+ gnutls_kx_algorithm_t *alg = NULL;
+ int alg_size = 0;
/* if we should use a specific certificate,
* we should remove all algorithms that are not supported
* method (CERTIFICATE).
*/
- x509_cred =
+ cert_cred =
(gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
GNUTLS_CRD_CERTIFICATE,
NULL);
- /* if x509_cred==NULL we should remove all X509 ciphersuites
+ /* If there are certificate credentials, find an appropriate certificate
+ * or disable them;
*/
-
if (session->security_parameters.entity == GNUTLS_SERVER
- && x509_cred != NULL)
+ && cert_cred != NULL)
{
ret = _gnutls_server_select_cert (session, requested_pk_algo);
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ _gnutls_x509_log("Could not find an appropriate certificate: %s\n", gnutls_strerror(ret));
+ cert_cred = NULL;
}
}
/* get all the key exchange algorithms that are
* supported by the X509 certificate parameters.
*/
- if ((ret =
+ if (cert_cred != NULL && (ret =
_gnutls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0)
{
gnutls_assert ();
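Review bot: After `cert_cred = NULL;` on the failure branch of `_gnutls_server_select_cert`, `ret` still holds that negative error code, and the new `cert_cred != NULL &&` guard then short-circuits before `ret` is reassigned; unless a later statement outside this hunk overwrites it, the function may still return the error it just decided to tolerate. Resetting it alongside the credential, `cert_cred = NULL; ret = 0;`, makes the "continue without certificates" intent explicit. The rewritten comment also ends with `or disable them;` where a full stop is meant. The enclosing function starts before and continues past this hunk.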
/* sockets internals */
int lowat;
+
+ int no_padding;
/* These buffers are used in the handshake
* protocol only. freed using _gnutls_handshake_io_buffer_clear();
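Review bot: The new `no_padding` member is undocumented, while the neighbouring fields carry explanatory comments; a one-line comment such as `/* set by gnutls_record_disable_padding(); when non-zero the record layer calls _gnutls_encrypt() with its padding flag cleared */` would tell a reader where it is set and what it controls. Nothing in this hunk shows where the field is zeroed for a new session, so that presumably relies on the struct being zero-initialised elsewhere.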
cipher_size =
_gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
- data2send_size, cipher, cipher_size, type, 1);
+ data2send_size, cipher, cipher_size, type, (session->internals.no_padding==0)?1:0);
if (cipher_size <= 0)
{
gnutls_assert ();
return 0;
}
+
+/**
+ * gnutls_record_disable_padding - Used to disabled padding in TLS 1.0 and above
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Used to disabled padding in TLS 1.0 and above. Normally you do not need
+ * to use this function, but there are buggy clients that complain if a
+ * server pads the encrypted data. This of course will disable protection
+ * against statistical attacks on the data.
+ *
+ * Normally only servers that require maximum compatibility with everything
+ * out there, need to call this function.
+ *
+ **/
+void gnutls_record_disable_padding (gnutls_session_t session)
+ {
+ session->internals.no_padding = 1;
+ }
+
+
\ No newline at end of file
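Review bot: The gtk-doc block for `gnutls_record_disable_padding` says "Used to disabled padding" in both the summary line and the first sentence; it should read `Used to disable padding in TLS 1.0 and above`. As far as this patch shows the setting is one-way — nothing ever clears `no_padding` again — so the documentation should state that padding cannot be re-enabled for the session once this is called, since the caller is giving up the protection the block itself describes. Stylistically, the ternary on the `_gnutls_encrypt` call can be written as `session->internals.no_padding ? 0 : 1`, and the function's opening brace is indented by one space unlike the rest of the file.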
session->internals.rsa_pms_version[0] = major;
session->internals.rsa_pms_version[1] = minor;
}
+
+
+/**
+ * gnutls_session_enable_compatibility_mode - Used to disable certain features in TLS in order to honour compatibility
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function can be used to disable certain (security) features in TLS
+ * in order to maintain maximum compatibility with buggy clients. It is
+ * equivalent to calling:
+ * gnutls_record_disable_padding()
+
+ * Normally only servers that require maximum compatibility with everything
+ * out there, need to call this function.
+ *
+ **/
+void
+gnutls_session_enable_compatibility_mode (gnutls_session_t session)
+{
+ gnutls_record_disable_padding( session);
+}
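Review bot: The blank line between `gnutls_record_disable_padding()` and "Normally only servers..." inside the gtk-doc comment lacks the ` *` prefix that every other line of the block carries, which breaks the comment's visual structure and may confuse the doc extractor; it should be ` *`. The call `gnutls_record_disable_padding( session);` has a stray space after the parenthesis that the surrounding code does not use. Since the function is documented as equivalent to a single call today, a short note that future compatibility options may be folded in here would tell callers why the wrapper exists.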