[SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-109-ga1a680a
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-109-ga1a680a |
Date: |
Sat, 11 Aug 2012 13:14:00 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=a1a680a3487527c1d005686164d9246398b91536
The branch, master has been updated
via a1a680a3487527c1d005686164d9246398b91536 (commit)
via 5d5eee46c5f5f0b32e0605bd90edb4a305f549df (commit)
via ee948a1ba03d1f967b728ba79d6f5ee061bd8746 (commit)
via ebe3a3b7465880a920b00b928d5e89493144f581 (commit)
via f654153a76132b20cbbb0e35136b7b24a27cdf98 (commit)
via 2b0b52a25170d0656b139305693d116a14838304 (commit)
via 7cc9d6e154618b4416ec1b11fa5f8ab52db2b8ff (commit)
via bfa7bcc29f726f8fe938458e8392fe5065ecebe6 (commit)
via 2fb76e4953ec584b3aeb1ee2250eedbb40294dc7 (commit)
via e943bc13b5a0b461db575de7c97060ade819977a (commit)
from 699ae6ef085c699dd5f3fb460b0f8a2408cc2860 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a1a680a3487527c1d005686164d9246398b91536
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Aug 11 15:13:58 2012 +0200
updated
commit 5d5eee46c5f5f0b32e0605bd90edb4a305f549df
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Aug 11 14:57:01 2012 +0200
small updates in mini-handshake-timeout
commit ee948a1ba03d1f967b728ba79d6f5ee061bd8746
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Aug 11 14:53:24 2012 +0200
document gnutls_random_art
commit ebe3a3b7465880a920b00b928d5e89493144f581
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Aug 11 14:41:49 2012 +0200
Added test that checks the handshake timeout.
commit f654153a76132b20cbbb0e35136b7b24a27cdf98
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Aug 11 14:26:53 2012 +0200
updated news
commit 2b0b52a25170d0656b139305693d116a14838304
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Aug 11 14:26:08 2012 +0200
doc update
commit 7cc9d6e154618b4416ec1b11fa5f8ab52db2b8ff
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Aug 11 09:29:15 2012 +0200
the new makeinfo sets the FLOAT_NAME by default.
commit bfa7bcc29f726f8fe938458e8392fe5065ecebe6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 10 22:32:14 2012 +0200
corrected html generation
commit 2fb76e4953ec584b3aeb1ee2250eedbb40294dc7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Aug 8 18:34:28 2012 +0200
updated html doc
commit e943bc13b5a0b461db575de7c97060ade819977a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Aug 8 18:34:15 2012 +0200
doc update
-----------------------------------------------------------------------
Summary of changes:
NEWS | 8 +-
cfg.mk | 2 +-
doc/Makefile.am | 2 +-
doc/cha-tokens.texi | 7 +-
lib/gnutls_handshake.c | 6 +-
tests/Makefile.am | 2 +-
.../{mini-loss-time.c => mini-handshake-timeout.c} | 122 ++++++--------------
7 files changed, 54 insertions(+), 95 deletions(-)
copy tests/{mini-loss-time.c => mini-handshake-timeout.c} (59%)
diff --git a/NEWS b/NEWS
index 002a31f..aa2a795 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,10 @@ See the end for copying conditions.
* Version 3.1.0 (unreleased)
** libgnutls: Added direct support for TPM as a cryptographic module
-in gnutls/tpm.h.
+in gnutls/tpm.h. TPM keys can be used in functions accepting files
+using URLs of the following types:
+ tpmkey:file=/path/to/file
+ tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user
** libgnutls: requires libnettle 2.5.
@@ -28,6 +31,9 @@ and gnutls_x509_privkey_import_pkcs8(), return consistently
GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no
password was provided.
+** libgnutls: Added gnutls_handshake_set_timeout() a function that
+allows to set the maximum time spent in a handshake.
+
** libgnutlsxx: Added session::set_transport_vec_push_function. Patch
by Alexandre Bique.
diff --git a/cfg.mk b/cfg.mk
index 9e71e3f..a84f772 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -143,7 +143,7 @@ upload:
web:
echo generating documentation for $(PACKAGE)
cd doc && $(SHELL) ../build-aux/gendocs.sh \
- --html "--css-include=texinfo.css" \
+ --html "--css-include=./texinfo.css" \
-o ../$(htmldir)/manual/ $(PACKAGE) "$(PACKAGE_NAME)"
-cd doc && make gnutls.epub && cp gnutls.epub ../$(htmldir)/manual/
cd doc && cp *.png ../$(htmldir)/manual/html_node/
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 6c36ae4..7f1fde9 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -182,7 +182,7 @@ images_DATA = \
AM_MAKEINFOFLAGS = -I $(top_srcdir)/doc
TEXI2DVI = texi2dvi $(AM_MAKEINFOFLAGS)
AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS) \
- --set FLOAT_NAME_IN_XREF=1 --no-split
--css-include=$(srcdir)/texinfo.css
+ --no-split --css-include=$(srcdir)/texinfo.css
MAINTAINERCLEANFILES =
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi
index 2f2dc19..cc1ded7 100644
--- a/doc/cha-tokens.texi
+++ b/doc/cha-tokens.texi
@@ -80,9 +80,12 @@ A function to check for a supported by GnuTLS URL is
@funcref{gnutls_url_is_supp
@showfuncdesc{gnutls_url_is_supported}
Additional functions are available that will return
-information over a public key.
+information over a public key, as well as a function that given a public
+key fingerprint would provide a memorable sketch.
+
address@hidden,gnutls_pubkey_get_preferred_hash_algorithm,gnutls_pubkey_get_key_id,gnutls_random_art}
+
address@hidden,gnutls_pubkey_get_preferred_hash_algorithm,gnutls_pubkey_get_key_id}
@node Abstract private keys
@subsection Private keys
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 60272e0..343cfb0 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2444,7 +2444,11 @@ gnutls_handshake (gnutls_session_t session)
* @ms: is a timeout value in milliseconds
*
* This function sets the timeout for the handshake process
- * to the provided value.
+ * to the provided value. Use an @ms value of zero to disable
+ * timeout.
+ *
+ * Note that in order for the timeout to be enforced
+ * gnutls_transport_set_pull_timeout_function() must be set.
*
**/
void
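Review bot: The added sentence about gnutls_transport_set_pull_timeout_function() reads as if every caller must install one, yet the test client added in this same push only calls gnutls_transport_set_ptr() and still expects GNUTLS_E_TIMEDOUT, so a default is presumably in place. The comment should say when the requirement applies and what happens otherwise, for example `If the application replaces the pull function it must also call gnutls_transport_set_pull_timeout_function(); without one the timeout is not enforced and a stalled peer can hold the handshake open.` It would also help to state whether any timeout applies when this function is never called. The function body is outside this hunk, so the zero-disables behaviour is taken from the comment alone.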
diff --git a/tests/Makefile.am b/tests/Makefile.am
index d997018..f3a844e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -69,7 +69,7 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder
certuniqueid \
x509cert x509cert-tl infoaccess rsa-encrypt-decrypt \
mini-loss-time mini-tdb mini-dtls-rehandshake mini-record \
mini-termination mini-x509-cas mini-x509-2 pkcs12_simple \
- mini-emsgsize-dtls
+ mini-emsgsize-dtls mini-handshake-timeout
if ENABLE_OCSP
ctests += ocsp
diff --git a/tests/mini-loss-time.c b/tests/mini-handshake-timeout.c
similarity index 59%
copy from tests/mini-loss-time.c
copy to tests/mini-handshake-timeout.c
index c15b53b..dc86861 100644
--- a/tests/mini-loss-time.c
+++ b/tests/mini-handshake-timeout.c
@@ -49,37 +49,9 @@ int main()
#include "utils.h"
-/* This program tests whether a DTLS handshake would timeout
- * in a minute.
+/* This program tests whether the handshake timeout value is enforced.
*/
-static void print_type(const unsigned char* buf, int size)
-{
- if (buf[0] == 22 && size >= 13) {
- if (buf[13] == 1)
- fprintf(stderr, "Client Hello\n");
- else if (buf[13] == 2)
- fprintf(stderr, "Server Hello\n");
- else if (buf[13] == 12)
- fprintf(stderr, "Server Key exchange\n");
- else if (buf[13] == 14)
- fprintf(stderr, "Server Hello Done\n");
- else if (buf[13] == 11)
- fprintf(stderr, "Certificate\n");
- else if (buf[13] == 16)
- fprintf(stderr, "Client Key Exchange\n");
- else if (buf[4] == 1)
- fprintf(stderr, "Finished\n");
- else if (buf[13] == 11)
- fprintf(stderr, "Server Hello Done\n");
- else
- fprintf(stderr, "Unknown handshake\n");
- } else if (buf[0] == 20) {
- fprintf(stderr, "Change Cipher Spec\n");
- } else
- fprintf(stderr, "Unknown\n");
-}
-
static void
server_log_func (int level, const char *str)
{
@@ -99,29 +71,8 @@ static int counter;
static int packet_to_lose;
gnutls_session_t session;
-static ssize_t
-push (gnutls_transport_ptr_t tr, const void *data, size_t len)
-{
-int fd = (long int)tr;
-
- counter++;
-
- if (packet_to_lose != -1 && packet_to_lose == counter) {
- if (debug)
- {
- fprintf(stderr, "Discarding packet %d: ", counter);
- print_type(data, len);
- }
-
- packet_to_lose = 1;
- counter = 0;
- return len;
- }
- return send(fd, data, len, 0);
-}
-
static void
-client (int fd, int packet)
+client (int fd, int wait)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
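Review bot: `static int packet_to_lose;` survives as a context line at the top of this hunk, but the commit removes push() and both assignments to it (in the client and server hunks), so as far as the visible hunks show it is now unused. `counter` is likewise only reset to zero and never read. Dropping both, together with the two `counter = 0;` statements, removes state left over from mini-loss-time.c and avoids an unused-variable warning. The file-scope `gnutls_session_t session;` is shadowed by the local of the same name in initialize_tls_session() and could be made `static`.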
@@ -139,21 +90,19 @@ client (int fd, int packet)
/* Initialize TLS session
*/
- gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu( session, 1500);
+ gnutls_init (&session, GNUTLS_CLIENT);
+ gnutls_handshake_set_timeout( session, 10*1000);
/* Use default priorities */
- gnutls_priority_set_direct (session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
counter = 0;
- packet_to_lose = packet;
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
- gnutls_transport_set_push_function (session, push);
/* Perform the TLS handshake
*/
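Review bot: The literal `10*1000` passed to gnutls_handshake_set_timeout() only makes sense next to the `sleep(15)` that the server hunk adds, and nothing ties the two together. Named constants with a comment keep the relation visible, e.g. `#define CLIENT_TIMEOUT_MS (10*1000)` and `#define SERVER_STALL_SECS 15 /* must exceed the client timeout */`. The return values of gnutls_init() and gnutls_priority_set_direct() are also ignored here, so a rejected priority string would only surface later as an unrelated handshake error. client() starts and ends outside this hunk.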
@@ -168,18 +117,25 @@ client (int fd, int packet)
if (ret < 0)
{
- if (ret == GNUTLS_E_TIMEDOUT) return;
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
+ if (ret != GNUTLS_E_TIMEDOUT || wait == 0)
+ {
+ if (debug) fail("client: unexpected error: %s\n",
gnutls_strerror(ret));
+ exit(1);
+ }
+ if (debug) success("client: expected timeout occured\n");
+ exit(0);
}
else
{
- if (debug)
- success ("client: Handshake was completed\n");
+ if (wait != 0)
+ {
+ fail ("client: handshake was completed unexpectedly\n");
+ gnutls_perror (ret);
+ exit(1);
+ }
}
- exit(1);
+ exit(0);
}
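Review bot: In the error branch fail() is called only under `if (debug)`, so a non-debug run exits with status 1 and no message saying which error the client saw. Report it unconditionally with `fail ("client: unexpected error: %s\n", gnutls_strerror (ret));`. In the else branch `gnutls_perror (ret)` runs with a non-negative ret, so it prints a success string right after the "completed unexpectedly" failure and can be dropped. The success message also misspells "occurred" as "occured". client() begins outside this hunk.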
@@ -192,13 +148,12 @@ initialize_tls_session (void)
{
gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu( session, 1500);
+ gnutls_init (&session, GNUTLS_SERVER);
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct (session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
@@ -206,7 +161,7 @@ initialize_tls_session (void)
}
static void
-server (int fd, int packet)
+server (int fd, int wait)
{
int ret;
/* this must be called once in the program
@@ -224,12 +179,11 @@ int ret;
session = initialize_tls_session ();
counter = 0;
- packet_to_lose = packet;
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
- gnutls_transport_set_push_function (session, push);
- do
+ if (wait) sleep(15);
+ else do
{
ret = gnutls_handshake (session);
}
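Review bot: On the `wait` path `ret` is never assigned, because `if (wait) sleep(15); else do` skips the whole handshake loop. If the code after the loop (outside this hunk) tests `ret`, it reads an indeterminate value. Initialise it at the declaration with `int ret = 0;` and brace both arms so the `else do … while` is not mistaken for a loop that always runs. sleep() also returns early when a signal handler runs, and doit() installs one for SIGCHLD, so a late SIGCHLD from the first run's child could cut the stall short. Looping on the return value, `for (unsigned left = 15; left > 0; ) left = sleep (left);`, keeps the server silent for the full period.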
@@ -244,16 +198,15 @@ int ret;
}
}
-static void start (int server_packet, int client_packet)
+static void start (int wait)
{
int fd[2];
int ret;
- if (debug)
- fprintf(stderr, "\nWill discard %s packet %d\n",
- (client_packet!=-1)?"client":"server",
(client_packet!=-1)?client_packet:server_packet);
+ if (debug && wait)
+ fprintf(stderr, "\nWill test timeout\n");
- ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, fd);
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0)
{
perror("socketpair");
@@ -272,14 +225,13 @@ static void start (int server_packet, int client_packet)
{
/* parent */
close(fd[1]);
- server (fd[0], server_packet);
+ server (fd[0], wait);
close(fd[0]);
- kill(child, SIGTERM);
}
else
{
close(fd[0]);
- client (fd[1], client_packet);
+ client (fd[1], wait);
close(fd[1]);
exit(0);
}
@@ -297,19 +249,13 @@ int status;
void
doit (void)
{
-time_t tstart, tstop;
-
signal(SIGCHLD, ch_handler);
- tstart = time(0);
- start(2, -1);
-
- tstop = time(0);
+ /* make sure that normal handshake occurs */
+ start(0);
- tstop = tstop - tstart;
-
- if (!(tstop < 70 && tstop > 55))
- fail("Time difference: %u\n", (unsigned)tstop);
+ /* check the handshake with an expected timeout */
+ start(1);
}
#endif /* _WIN32 */
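Review bot: Nothing in the new doit() checks when the timeout fires: the tstart/tstop measurement is removed and the client hunk accepts GNUTLS_E_TIMEDOUT at any moment. A handshake that timed out immediately would still pass, so the test does not show that the configured 10-second value is what gets enforced. Timing the handshake inside client() would close that gap, e.g. `time_t t0 = time (0);` before gnutls_handshake() and `if (time (0) - t0 < 9) fail ("client: timeout fired too early\n");` in the timeout branch. Measuring in the parent is less reliable, because the server's sleep can end early on SIGCHLD. Whether ch_handler propagates the child's exit status cannot be seen from this hunk.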
hooks/post-receive
--
GNU gnutls