[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-89-ga21d08f
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-89-ga21d08f |
Date: |
Mon, 17 Sep 2012 18:19:55 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=a21d08f3a571871d3dfaca40e12dd8a4aed6b69c
The branch, master has been updated
via a21d08f3a571871d3dfaca40e12dd8a4aed6b69c (commit)
from f1ead0f60c33b14831f330b0cc8692e38315f6ed (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a21d08f3a571871d3dfaca40e12dd8a4aed6b69c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Sep 17 20:19:42 2012 +0200
Increased security levels by adding insecure.
-----------------------------------------------------------------------
Summary of changes:
lib/algorithms/secparams.c | 5 +++--
lib/gnutls_x509.c | 2 +-
lib/includes/gnutls/gnutls.h.in | 4 +++-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c
index fabd34e..2c88ba0 100644
--- a/lib/algorithms/secparams.c
+++ b/lib/algorithms/secparams.c
@@ -39,8 +39,9 @@ typedef struct
} gnutls_sec_params_entry;
static const gnutls_sec_params_entry sec_params[] = {
- {"Weak", GNUTLS_SEC_PARAM_WEAK, 0, 0, 0, 0, 0},
- {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+ {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
+ {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
+ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
{"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
{"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
{"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 7ddd626..ac9426d 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -73,7 +73,7 @@ check_bits (gnutls_session_t session, gnutls_x509_crt_t crt,
unsigned int max_bi
return GNUTLS_E_CONSTRAINT_ERROR;
}
- if (gnutls_pk_bits_to_sec_param(pk, bits) == GNUTLS_SEC_PARAM_WEAK)
+ if (gnutls_pk_bits_to_sec_param(pk, bits) == GNUTLS_SEC_PARAM_INSECURE)
{
gnutls_assert();
_gnutls_audit_log(session, "The security level of the certificate (%s:
%u) is weak\n", gnutls_pk_get_name(pk), bits);
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index c0e5c8e..b1685cd 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -664,7 +664,8 @@ typedef enum
/**
* gnutls_sec_param_t:
- * @GNUTLS_SEC_PARAM_WEAK: security level known to be weak
+ * @GNUTLS_SEC_PARAM_INSECURE: Less than 72 bits of security
+ * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
* @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
* @GNUTLS_SEC_PARAM_LOW: 80 bits of security
* @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
@@ -676,6 +677,7 @@ typedef enum
*/
typedef enum
{
+ GNUTLS_SEC_PARAM_INSECURE = -20,
GNUTLS_SEC_PARAM_WEAK = -10,
GNUTLS_SEC_PARAM_UNKNOWN = 0,
GNUTLS_SEC_PARAM_LOW = 1,
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-89-ga21d08f,
Nikos Mavrogiannopoulos <=