
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_25-6-g16d36


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_25-6-g16d365a
Date: Wed, 07 Nov 2012 20:58:09 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=16d365ab359436651deb35a8ec6cdc0e76c077d9

The branch, gnutls_3_0_x-2 has been updated
       via  16d365ab359436651deb35a8ec6cdc0e76c077d9 (commit)
      from  a00ddedbd3d2103bd28d8077af2a5e165cb62002 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 16d365ab359436651deb35a8ec6cdc0e76c077d9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Nov 7 21:57:45 2012 +0100

    Tolerate key usage violation.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                  |    3 +++
 lib/gnutls_int.h      |    1 -
 lib/gnutls_priority.c |    1 -
 lib/gnutls_sig.c      |   10 ++--------
 4 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/NEWS b/NEWS
index 97d6240..f9225a9 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ See the end for copying conditions.
 
 * Version 3.0.26 (unreleased)
 
+** libgnutls: Always tolerate key usage violation errors from the side
+of the peer, but also notify via an audit message.
+
 ** libgnutls: gnutls_x509_crl_verify() includes the time checks.
 
 ** libgnutls: Increased maximum password length in the PKCS #12
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 414a200..437da73 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -585,7 +585,6 @@ struct gnutls_priority_st
   safe_renegotiation_t sr;
   unsigned int ssl3_record_version:1;
   unsigned int server_precedence:1;
-  unsigned int allow_key_usage_violation:1;
   /* Whether stateless compression will be used */
   unsigned int stateless_compression:1;
   unsigned int additional_verify_flags;
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 6a39294..b4b6826 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -911,7 +911,6 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
             {
               (*priority_cache)->no_padding = 1;
               (*priority_cache)->allow_large_records = 1;
-              (*priority_cache)->allow_key_usage_violation = 1;
             }
           else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
             {
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 7c7b64e..c6a0f16 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -221,10 +221,7 @@ sign_tls_hash (gnutls_session_t session, 
gnutls_digest_algorithm_t hash_algo,
         if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
           {
             gnutls_assert ();
-            if (session->internals.priorities.allow_key_usage_violation == 0)
-              return GNUTLS_E_KEY_USAGE_VIOLATION;
-            else
-              _gnutls_audit_log(session, "Key usage violation was detected 
(ignored).\n");
+            _gnutls_audit_log(session, "Peer's certificate does not allow 
digital signatures. Key usage violation detected (ignored).\n");
           }
 
       /* External signing. Deprecated. To be removed. */
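Review bot: The new audit message on the `+` line attributes the violation to the peer's certificate, yet sign_tls_hash presumably signs with a key this side holds, so if `key_usage` here comes from the local certificate the message mislabels the origin and will mislead an operator reading the audit log; a wording such as `Local certificate does not allow digital signatures. Key usage violation detected (ignored).`, or a neutral one if the certificate's origin depends on the caller, would avoid that. With the return removed, GNUTLS_E_KEY_USAGE_VIOLATION is no longer produced from this path and the `gnutls_assert ()` above now marks a condition the function survives rather than fails on, which deserves a one-line comment like `/* keyUsage mismatch is only audited; signing proceeds */`. sign_tls_hash starts before the hunk and continues after it.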
@@ -296,10 +293,7 @@ verify_tls_hash (gnutls_session_t session, 
gnutls_protocol_t ver, gnutls_pcert_s
     if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
       {
         gnutls_assert ();
-        if (session->internals.priorities.allow_key_usage_violation == 0)
-          return GNUTLS_E_KEY_USAGE_VIOLATION;
-        else
-          _gnutls_audit_log(session, "Key usage violation was detected 
(ignored).\n");
+        _gnutls_audit_log(session, "Peer's certificate does not allow digital 
signatures. Key usage violation detected (ignored).\n");
       }
 
   if (pk_algo == GNUTLS_PK_UNKNOWN)
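Review bot: Removing the `allow_key_usage_violation` branch leaves no way for an application to have verify_tls_hash reject a peer certificate whose keyUsage excludes digitalSignature; the check is now purely advisory and the handshake proceeds on an audit line that most applications never surface. If strict enforcement is intentionally no longer available, the NEWS entry should state that there is no opt-out rather than only "tolerate", and a short comment above the check, e.g. `/* Advisory only: a keyUsage mismatch is logged, never fatal. */`, would spare the next reader from searching for the removed priority flag. verify_tls_hash starts before the hunk and continues after it.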


hooks/post-receive
-- 
GNU gnutls


