[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-150-g67ff3f2
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-150-g67ff3f2 |
|
Date: |
Wed, 03 Mar 2010 10:52:49 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=67ff3f2cedabcf1a831129466360280cd571ab85
The branch, master has been updated
via 67ff3f2cedabcf1a831129466360280cd571ab85 (commit)
from 13f93af11eadace67074e4133493fd5f3e302b47 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 67ff3f2cedabcf1a831129466360280cd571ab85
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 3 11:50:50 2010 +0100
Avoid sending alerts during handshake. Alerts might be interrupted and
return
a non-fatal error which will propagate and in many cases it shouldn't.
Avoid sending no renegotiation alert when a client connects to an unsafe
server. Thanks
to Tomas Hoger for the report.
-----------------------------------------------------------------------
Summary of changes:
lib/gnutls_alert.c | 5 +++++
lib/gnutls_errors.c | 4 ++++
lib/gnutls_handshake.c | 28 +++++++---------------------
lib/includes/gnutls/gnutls.h.in | 2 ++
4 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index f4c5287..71aae45 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -181,6 +181,10 @@ gnutls_error_to_alert (int err, int *level)
ret = GNUTLS_A_ILLEGAL_PARAMETER;
_level = GNUTLS_AL_FATAL;
break;
+ case GNUTLS_E_UNKNOWN_SRP_USERNAME:
+ ret = GNUTLS_A_UNKNOWN_PSK_IDENTITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
case GNUTLS_E_ASN1_DER_ERROR:
@@ -215,6 +219,7 @@ gnutls_error_to_alert (int err, int *level)
_level = GNUTLS_AL_FATAL;
break;
case GNUTLS_E_REHANDSHAKE:
+ case GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:
ret = GNUTLS_A_NO_RENEGOTIATION;
_level = GNUTLS_AL_WARNING;
break;
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 69d92ad..21f40b1 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -223,9 +223,13 @@ static const gnutls_error_entry error_algorithms[] = {
GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
ERROR_ENTRY (N_("Safe renegotiation failed."),
GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
+ ERROR_ENTRY (N_("Unsafe renegotiation denied."),
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
ERROR_ENTRY (N_("The SRP username supplied is illegal."),
GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
+ ERROR_ENTRY (N_("The SRP username supplied is unknown."),
+ GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 4e2952a..2ed4f5c 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2248,15 +2248,7 @@ _gnutls_send_server_hello (gnutls_session_t session, int
again)
* alert and abort.
*/
gnutls_assert ();
- ret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
- GNUTLS_A_UNKNOWN_PSK_IDENTITY);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
}
}
#endif
@@ -2435,22 +2427,16 @@ _gnutls_recv_hello (gnutls_session_t session, opaque *
data, int datalen)
{
if (session->internals.priorities.unsafe_renegotiation != 0)
{
- _gnutls_handshake_log ("Allowing unsafe renegotiation!\n");
+ _gnutls_handshake_log ("Allowing unsafe (re)negotiation!\n");
}
else
{
gnutls_assert();
- _gnutls_handshake_log ("Denying unsafe renegotiation.\n");
- ret = gnutls_alert_send (session, GNUTLS_AL_WARNING,
- GNUTLS_A_NO_RENEGOTIATION);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ _gnutls_handshake_log ("Denying unsafe (re)negotiation.\n");
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED; /* send no
renegotiation alert */
+ else
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
}
}
else
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index c3b6262..8f3d828 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1685,6 +1685,8 @@ extern "C" {
#define GNUTLS_E_UNKNOWN_ALGORITHM -105
#define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
#define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
+#define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
+#define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
#define GNUTLS_E_BASE64_ENCODING_ERROR -201
#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-150-g67ff3f2,
Nikos Mavrogiannopoulos <=