gnutls_set_priority() does not handle strings starting with "NONE".

Laurence Withers l at lwithers.me.uk
Sun Feb 3 22:53:51 CET 2008


Hi,

In the gnutls function reference, for the function gnutls_set_priority() 
it is stated:

     "NONE" nothing is enabled. This disables even protocols and
     compression methods.

and one of the examples:

     "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"

However, if you actually try that example, or even the string "NONE" on 
its own, it doesn't work (it returns GNUTLS_E_INVALID_REQUEST and sets 
the error location to the start of the string).

Tracing this back into the code, the token "NONE" is handled specially 
before the for loop in gnutls_set_priority() that parses each token. 
However, the loop itself always parses all tokens and it doesn't know 
how to handle "NONE".

I attached a patch which causes the first token to be skipped by this 
loop if it was "NONE". The patch is against 2.2.1 but also applies 
against 2.3.0.

Bye for now,
-- 
Laurence Withers, <l at lwithers.me.uk>  --  jabber:l at jabber.lwithers.me.uk
http://www.lwithers.me.uk/                             tel:+447753988197
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls_priority_init-NONE.patch
Type: text/x-diff
Size: 579 bytes
Desc: not available
URL: </pipermail/attachments/20080203/0cfcf0f8/attachment.patch>
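
The parsing flow described in the message, as an added example: this is a simplified model written for this page, not GnuTLS source and not the attached patch. The names parse_priority, apply_token, skip_none and ERR_INVALID are hypothetical, and the token check is an assumption that accepts only "+NAME", "-NAME" and "!NAME".

```c
#include <stdio.h>
#include <string.h>

#define ERR_INVALID (-1) /* constructed stand-in for GNUTLS_E_INVALID_REQUEST */

/* Simplified token check (assumption): accept only "+NAME", "-NAME", "!NAME". */
static int apply_token(const char *tok) {
    return (tok[0] == '+' || tok[0] == '-' || tok[0] == '!') && tok[1] != '\0';
}

/* Parse a colon-separated priority string. Returns 0, or ERR_INVALID with
 * *err_pos set to the offset of the rejected token. skip_none = 0 models the
 * reported behaviour, skip_none = 1 the behaviour the patch is described as
 * giving (first token skipped by the loop when it is "NONE"). */
int parse_priority(const char *s, int skip_none, size_t *err_pos) {
    char buf[256];
    size_t len = strlen(s), start = 0;
    int first = 1, is_none;

    *err_pos = 0;
    if (len >= sizeof buf) return ERR_INVALID;
    memcpy(buf, s, len + 1);

    /* Special case handled before the loop: "NONE" starts from an empty set. */
    is_none = strncmp(buf, "NONE", 4) == 0 && (buf[4] == ':' || buf[4] == '\0');

    while (start <= len) {
        size_t end = start + strcspn(buf + start, ":");
        buf[end] = '\0';
        if (!(first && is_none && skip_none) && !apply_token(buf + start)) {
            *err_pos = start; /* error location points at the bad token */
            return ERR_INVALID;
        }
        first = 0;
        start = end + 1;
    }
    return 0;
}

int main(void) {
    const char *ex = "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
    size_t pos;
    int before = parse_priority(ex, 0, &pos);
    int after = parse_priority(ex, 1, &pos);
    printf("loop parses every token: %d\n", before);
    printf("first token skipped:     %d\n", after);
    return 0;
}
```

In the skipping variant only the leading "NONE" is exempt, so a malformed later token is still rejected with the error location at that token.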

