Renegotiation patch

Steve Dispensa dispensa at phonefactor.com
Tue Jan 12 05:33:29 CET 2010


All,

Here is an updated patch that conforms to the latest secure renegotiation draft (draft-ietf-tls-renegotiation-03). Included are a 570-line patch plus two new source files implementing the extension.

This patch is still not quite perfect, but I wanted to get it into people's hands sooner rather than later, so here it is. Some of the remaining shortcomings:

 - Correct error return values (rather than -1)
 - Send appropriate alerts, as required by the draft
 - Documentation of the two new APIs, as well as of the design
 - Automated test cases
 - Additional interoperability testing

I've tested the basic functionality, but additional testing and code review would be much appreciated. The APIs are still defaulted to secure (as opposed to interoperable) mode, which should probably change for the short run.

 -Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls-renegotiation-patch
Type: application/octet-stream
Size: 17242 bytes
Desc: gnutls-renegotiation-patch
URL: </pipermail/attachments/20100111/09281160/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ext_safe_renegotiation.c
Type: application/octet-stream
Size: 3341 bytes
Desc: ext_safe_renegotiation.c
URL: </pipermail/attachments/20100111/09281160/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ext_safe_renegotiation.h
Type: application/octet-stream
Size: 1109 bytes
Desc: ext_safe_renegotiation.h
URL: </pipermail/attachments/20100111/09281160/attachment-0002.obj>


More information about the Gnutls-devel mailing list