
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-92-g6e8a831


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-92-g6e8a831
Date: Mon, 17 Sep 2012 22:06:23 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=6e8a8311287be4f50153e240a254664dd9c4f366

The branch, master has been updated
       via  6e8a8311287be4f50153e240a254664dd9c4f366 (commit)
       via  01e764fc9e9f9e455591916c3f51d84e60ac559f (commit)
      from  51362974491db08f435bd6da39c8e2fc5d285402 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6e8a8311287be4f50153e240a254664dd9c4f366
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Sep 18 00:05:50 2012 +0200

    DEFAULT_* -> DEFAULT_MAX_*

commit 01e764fc9e9f9e455591916c3f51d84e60ac559f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Sep 18 00:04:38 2012 +0200

    MAX_CERTS_TO_SORT -> DEFAULT_VERIFY_DEPTH

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_cert.c      |    4 ++--
 lib/gnutls_int.h       |    4 ++--
 lib/x509/verify-high.c |   12 +++++-------
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 76c5e04..cdbedd4 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -229,8 +229,8 @@ int ret;
       gnutls_free(*res);
       return GNUTLS_E_MEMORY_ERROR;
     }
-  (*res)->verify_bits = DEFAULT_VERIFY_BITS;
-  (*res)->verify_depth = DEFAULT_VERIFY_DEPTH;
+  (*res)->verify_bits = DEFAULT_MAX_VERIFY_BITS;
+  (*res)->verify_depth = DEFAULT_MAX_VERIFY_DEPTH;
   (*res)->verify_flags = GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN;
 
   return 0;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index eb19b6c..d80c2a7 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -200,8 +200,8 @@ typedef enum transport_t
 
 /* defaults for verification functions
  */
-#define DEFAULT_VERIFY_DEPTH 32
-#define DEFAULT_VERIFY_BITS 16*1024
+#define DEFAULT_MAX_VERIFY_DEPTH 16
+#define DEFAULT_MAX_VERIFY_BITS 16*1024
 
 #include <gnutls_mem.h>
 
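Review bot: The new `DEFAULT_MAX_VERIFY_DEPTH` is not a pure rename: its value drops from 32 to 16, and neither commit subject mentions that. The gnutls_cert.c hunk assigns this macro to `verify_depth` on freshly initialised credentials, so the default chain-length limit presumably tightens for every caller that does not set its own. That deserves a line in the commit message or NEWS. Separately, `16*1024` is unparenthesised; `#define DEFAULT_MAX_VERIFY_BITS (16*1024)` keeps the macro safe when it is used inside a larger expression.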
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 05fb771..7aeac95 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -404,28 +404,26 @@ static int shorten_clist(gnutls_x509_trust_list_t list,
     return clist_size;
 }
 
-#define MAX_CERTS_TO_SORT 10
-
 /* Takes a certificate list and orders it with subject, issuer order.
  *
  * Returns the size of the ordered list (which is always less or
  * equal to the original).
  */
-static gnutls_x509_crt_t* sort_clist(gnutls_x509_crt_t 
sorted[MAX_CERTS_TO_SORT], 
+static gnutls_x509_crt_t* sort_clist(gnutls_x509_crt_t 
sorted[DEFAULT_VERIFY_DEPTH], 
                                      gnutls_x509_crt_t * clist,
                                      unsigned int *clist_size)
 {
   int prev;
   unsigned int j, i;
-  int issuer[MAX_CERTS_TO_SORT]; /* contain the index of the issuers */
+  int issuer[DEFAULT_VERIFY_DEPTH]; /* contain the index of the issuers */
     
     /* Do not bother sorting if too many certificates are given.
      * Prevent any DoS attacks.
      */
-  if (*clist_size > MAX_CERTS_TO_SORT)
+  if (*clist_size > DEFAULT_VERIFY_DEPTH)
     return clist;
 
-  for (i=0;i<MAX_CERTS_TO_SORT;i++)
+  for (i=0;i<DEFAULT_VERIFY_DEPTH;i++)
     issuer[i] = -1;
 
   /* Find the issuer of each certificate and store it
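Review bot: The new side of `sort_clist` sizes `sorted[]` and `issuer[]` and writes its DoS guard with `DEFAULT_VERIFY_DEPTH`, but the gnutls_int.h hunk in this same push removes that macro in favour of `DEFAULT_MAX_VERIFY_DEPTH`. Unless the old name is still defined somewhere not shown, this file will not compile at the tip. The `sorted[]` declaration in the `gnutls_x509_trust_list_verify_crt` hunk has the same problem. Both should use `DEFAULT_MAX_VERIFY_DEPTH`, e.g. `if (*clist_size > DEFAULT_MAX_VERIFY_DEPTH)`. Because the constant is also the hard bound for two stack arrays and for the early return that skips sorting, a comment should say it is a compile-time cap, independent of the per-credential `verify_depth` field. The body of `sort_clist` continues past the end of the hunk.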
@@ -548,7 +546,7 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t 
list,
     int ret;
     unsigned int i;
     uint32_t hash;
-    gnutls_x509_crt_t sorted[MAX_CERTS_TO_SORT];
+    gnutls_x509_crt_t sorted[DEFAULT_VERIFY_DEPTH];
 
     if (cert_list == NULL || cert_list_size < 1)
         return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);


hooks/post-receive
-- 
GNU gnutls


