author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-02 10:56:25 +0200 |
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-02 10:56:27 +0200 |
commit | 6d5bc66e026791a4abd337adcea318ee2fb22b12 (patch) | |
tree | a52406e1c90e2645bdeab5d82e1750891d2dbfb2 | |
parent | 74c840c8725d53e49fda22166df0115b8ab2bd07 (diff) | |
download | gnutls-6d5bc66e026791a4abd337adcea318ee2fb22b12.tar.gz |
Added priority string %DISABLE_WILDCARDS.
This will disable any wildcard matching when comparing hostnames
in certificates.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | doc/cha-gtls-app.texi | 4 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 4 | ||||
-rw-r--r-- | lib/priority_options.gperf | 1 |
4 files changed, 11 insertions, 0 deletions
@@ -71,6 +71,8 @@ distribution.
 ** libgnutls: Reduced the number of gnulib modules used.
+** libgnutls: Added priority string %DISABLE_WILDCARDS.
+
 ** certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes).
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 053784babf..0aad35fbe9 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1105,6 +1105,10 @@ is in control of input data.
 This has to be used only when the data that are possibly controlled by an attacker are placed in separate records.
+@item %DISABLE_WILDCARDS @tab
+will disable matching wildcards when comparing hostnames
+in certificates.
+
 @item %DISABLE_SAFE_RENEGOTIATION @tab
 will completely disable safe renegotiation completely. Do not use unless you know what you are doing.
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 8ff2b48163..bd142a0739 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -786,6 +786,10 @@ static void enable_stateless_compression(gnutls_priority_t c)
 {
 c->stateless_compression = 1;
 }
+static void disable_wildcards(gnutls_priority_t c)
+{
+ c->additional_verify_flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS;
+}
 static void enable_profile_low(gnutls_priority_t c)
 {
 c->additional_verify_flags &= 0x00ffffff;
diff --git a/lib/priority_options.gperf b/lib/priority_options.gperf
index 683d37e4f6..fd081c5083 100644
--- a/lib/priority_options.gperf
+++ b/lib/priority_options.gperf
@@ -19,6 +19,7 @@ UNSAFE_RENEGOTIATION, enable_unsafe_renegotiation
 SAFE_RENEGOTIATION, enable_safe_renegotiation
 PARTIAL_RENEGOTIATION, enable_partial_safe_renegotiation
 DISABLE_SAFE_RENEGOTIATION, disable_safe_renegotiation
+DISABLE_WILDCARDS, disable_wildcards
 SERVER_PRECEDENCE, enable_server_precedence
 PROFILE_LOW, enable_profile_low
 PROFILE_LEGACY, enable_profile_legacy |
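Review bot: The new `disable_wildcards` handler in lib/gnutls_priority.c has no comment, and its interaction with the neighbouring profile handlers is not obvious from the hunk: `enable_profile_low` immediately below masks `additional_verify_flags` with `0x00ffffff`, so a `%DISABLE_WILDCARDS` keyword that precedes a `%PROFILE_*` keyword in the priority string only survives if `GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS` lives in the low 24 bits, which this change does not show or assert. I would add `/* %DISABLE_WILDCARDS: never treat a wildcard name in the certificate as matching the requested hostname; this bit must stay outside the profile byte that the enable_profile_* handlers mask */` above the function, and, if the build permits it, a compile-time check such as `_Static_assert((GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS & 0xff000000) == 0, "verify flag overlaps profile bits");` next to it so the ordering question cannot silently regress. The one-line additions to priority_options.gperf, NEWS and the texi manual are consistent with the handler name and need nothing further. The body of `enable_profile_low` continues outside the hunk.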