procyberian/emacs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Collect GnuTLS extensions and use them to set %DUMBFW if supported

Browse source 
* lisp/net/gnutls.el (gnutls-boot-parameters): Use it to set %DUMBFW
only when it's supported as "ClientHello Padding" (Bug#25061).

* src/gnutls.c (Fgnutls_available_p): Get extension names and
put them in the GnuTLS capabilities, using a hard-coded limit
of 100 since GnuTLS MAX_EXT_TYPES is not exported.
This commit is contained in:
Ted Zlatanov 2017-12-19 12:43:56 -05:00
parent 936136ecab
commit 21a212f9e2
No known key found for this signature in database
GPG key ID: 11F23D0A4E4B9DEE
2 changed files with 44 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lisp/net/gnutls.el
View file

@ -261,15 +261,19 @@ here's a recent version of the list.
It must be omitted, a number, or nil; if omitted or nil it It must be omitted, a number, or nil; if omitted or nil it
defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT." defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
(let ((trustfiles (or trustfiles (gnutls-trustfiles))) (let* ((trustfiles (or trustfiles (gnutls-trustfiles)))
(maybe-dumbfw (if (memq 'ClientHello\ Padding (gnutls-available-p))
":%DUMBFW"
""))
(priority-string (or priority-string (priority-string (or priority-string
(cond (cond
((eq type 'gnutls-anon) ((eq type 'gnutls-anon)
"NORMAL:+ANON-DH:!ARCFOUR-128:%DUMBFW") (concat "NORMAL:+ANON-DH:!ARCFOUR-128"
maybe-dumbfw))
((eq type 'gnutls-x509pki) ((eq type 'gnutls-x509pki)
(if gnutls-algorithm-priority (if gnutls-algorithm-priority
(upcase gnutls-algorithm-priority) (upcase gnutls-algorithm-priority)
"NORMAL:%DUMBFW"))))) (concat "NORMAL" maybe-dumbfw))))))
(verify-error (or verify-error (verify-error (or verify-error
;; this uses the value of `gnutls-verify-error' ;; this uses the value of `gnutls-verify-error'
(cond (cond

14
src/gnutls.c
View file

@ -2415,7 +2415,10 @@ GnuTLS 3 or higher : the list will contain `gnutls3'.
GnuTLS MACs : the list will contain `macs'. GnuTLS MACs : the list will contain `macs'.
GnuTLS digests : the list will contain `digests'. GnuTLS digests : the list will contain `digests'.
GnuTLS symmetric ciphers: the list will contain `ciphers'. GnuTLS symmetric ciphers: the list will contain `ciphers'.
GnuTLS AEAD ciphers : the list will contain `AEAD-ciphers'. */) GnuTLS AEAD ciphers : the list will contain `AEAD-ciphers'.
%DUMBFW : the list will contain `ClientHello\ Padding'.
Any GnuTLS extension with ID up to 100
: the list will contain its name. */)
(void) (void)
{ {
Lisp_Object capabilities = Qnil; Lisp_Object capabilities = Qnil;
@ -2436,6 +2439,15 @@ GnuTLS AEAD ciphers : the list will contain `AEAD-ciphers'. */)
capabilities = Fcons (intern("macs"), capabilities); capabilities = Fcons (intern("macs"), capabilities);
# endif /* HAVE_GNUTLS3 */ # endif /* HAVE_GNUTLS3 */
for (unsigned int ext=0; ext < 100; ext++)
{
const char* name = gnutls_ext_get_name(ext);
if (name != NULL)
{
capabilities = Fcons (intern(name), capabilities);
}
}
# ifdef WINDOWSNT # ifdef WINDOWSNT
Lisp_Object found = Fassq (Qgnutls, Vlibrary_cache); Lisp_Object found = Fassq (Qgnutls, Vlibrary_cache);
if (CONSP (found)) if (CONSP (found))