author | peonix <ajeetsinghchahar2@gmail.com> | 2023-03-28 09:08:40 +0530 |
---|---|---|
committer | peonix <ajeetsinghchahar2@gmail.com> | 2023-03-28 09:08:40 +0530 |
commit | a7c4a04ed62be828b8aba170329c083bff3d6d34 (patch) | |
tree | 9e89d641d9e7c6519355a673f1e194712b162a47 | |
parent | 195be04e144b95d084eef3c4aa72b65c01fcb7c8 (diff) | |
download | gnutls-a7c4a04ed62be828b8aba170329c083bff3d6d34.tar.gz |
Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS
Signed-off-by: peonix <ajeetsinghchahar2@gmail.com>
-rw-r--r-- | CONTRIBUTING.md | 2 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | lib/ext/ext_master_secret.c | 4 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 6 | ||||
-rw-r--r-- | lib/state.c | 4 | ||||
-rw-r--r-- | src/cli.c | 2 | ||||
-rw-r--r-- | tests/status-request-revoked.c | 2 | ||||
-rw-r--r-- | tests/status-request.c | 4 |
8 files changed, 13 insertions, 13 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 300f98ee2b..ff7a747fc2 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -219,7 +219,7 @@ as in the example below. The detailed form is documented on `doc/scripts/gdoc`.
 *
 * Note that since version 3.1.2 this function enables some common
 * TLS extensions such as session tickets and OCSP certificate status
- * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS
+ * request in client side by default. To prevent that use the %GNUTLS_NO_DEFAULT_EXTENSIONS
 * flag.
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or a negative error code.
@@ -2997,7 +2997,7 @@ response corresponds to the given certificate.
 ** libgnutls: In client side gnutls_init() enables the session ticket and OCSP certificate status request extensions by default. The flag
-GNUTLS_NO_EXTENSIONS can be used to prevent that.
+GNUTLS_NO_DEFAULT_EXTENSIONS can be used to prevent that.
 ** libgnutls: Several updates in the OpenPGP code. The generating code is fully RFC6091 compliant and RFC5081 support is only supported in client
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index a438cd7b18..95e64bd0d7 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -74,7 +74,7 @@ _gnutls_ext_master_secret_recv_params(gnutls_session_t session,
 {
 ssize_t data_size = _data_size;
- if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
+ if ((session->internals.flags & GNUTLS_NO_DEFAULT_EXTENSIONS) ||
 session->internals.priorities->no_extensions ||
 session->internals.no_ext_master_secret != 0) {
 return 0;
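Review bot: With the flag now called `GNUTLS_NO_DEFAULT_EXTENSIONS`, this condition in `_gnutls_ext_master_secret_recv_params()` (and the matching one in `_gnutls_ext_master_secret_send_params()` in the next hunk, which sets `ext_master_secret = 0`) still switches off extended master secret, and neither the new name nor the flag's description in gnutls.h.in says so. Extended master secret binds the master secret to the handshake transcript, so a caller who sets the flag only to avoid session tickets or OCSP status requests appears to lose that protection without being told. I would extend the flag's doc line with a sentence such as `Note that this also disables the extended master secret extension.` and put a one-line comment above the condition here. The function body continues past the end of the hunk.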
@@ -106,7 +106,7 @@ static int
 _gnutls_ext_master_secret_send_params(gnutls_session_t session,
 gnutls_buffer_st * extdata)
 {
- if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
+ if ((session->internals.flags & GNUTLS_NO_DEFAULT_EXTENSIONS) ||
 session->internals.priorities->no_extensions != 0 ||
 session->internals.no_ext_master_secret != 0) {
 session->security_parameters.ext_master_secret = 0;
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index c3ff442cb7..64098c5b36 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -438,7 +438,7 @@ typedef enum {
 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0.
 * @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0.
 * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
- * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used.
+ * @GNUTLS_NO_DEFAULT_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used.
 * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2.
 * @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0.
 * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0.
@@ -499,7 +499,7 @@ typedef enum {
 GNUTLS_CLIENT = (1 << 1),
 GNUTLS_DATAGRAM = (1 << 2),
 GNUTLS_NONBLOCK = (1 << 3),
- GNUTLS_NO_EXTENSIONS = (1 << 4),
+ GNUTLS_NO_DEFAULT_EXTENSIONS = (1 << 4),
 GNUTLS_NO_REPLAY_PROTECTION = (1 << 5),
 GNUTLS_NO_SIGNAL = (1 << 6),
 GNUTLS_ALLOW_ID_CHANGE = (1 << 7),
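Review bot: Replacing the enumerator `GNUTLS_NO_EXTENSIONS` in the installed header, with no alias left behind in this hunk or in the `# define` fallback block of the next one, means applications that still pass the old name to `gnutls_init()` stop compiling. A compatibility define after the enum, `#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS`, would keep them building; the value `(1 << 4)` is unchanged, so already-built binaries are not affected. The NEWS change earlier in the diff appears to rewrite an older entry rather than announce the rename, so a new entry would help users find it. The enum starts and ends outside the hunk.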
@@ -528,7 +528,7 @@ typedef enum {
 # define GNUTLS_CLIENT (1<<1)
 # define GNUTLS_DATAGRAM (1<<2)
 # define GNUTLS_NONBLOCK (1<<3)
-# define GNUTLS_NO_EXTENSIONS (1<<4)
+# define GNUTLS_NO_DEFAULT_EXTENSIONS (1<<4)
 # define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
 # define GNUTLS_NO_SIGNAL (1<<6)
 # define GNUTLS_ALLOW_ID_CHANGE (1<<7)
diff --git a/lib/state.c b/lib/state.c
index 631299846b..5d732b0f17 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -556,7 +556,7 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
 *
 * Note that since version 3.1.2 this function enables some common
 * TLS extensions such as session tickets and OCSP certificate status
- * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS
+ * request in client side by default. To prevent that use the %GNUTLS_NO_DEFAULT_EXTENSIONS
 * flag.
 *
 * Note that it is never mandatory to use gnutls_deinit() after this
@@ -718,7 +718,7 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
 }
 /* Enable useful extensions */
- if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
+ if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_DEFAULT_EXTENSIONS)) {
 #ifdef ENABLE_OCSP
 if (!(flags & GNUTLS_NO_STATUS_REQUEST))
 gnutls_ocsp_status_request_enable_client(*session, NULL,
@@ -1705,7 +1705,7 @@ static void cmd_parser(int argc, char **argv)
 disable_sni = HAVE_OPT(DISABLE_SNI);
 disable_extensions = HAVE_OPT(DISABLE_EXTENSIONS);
 if (disable_extensions)
- init_flags |= GNUTLS_NO_EXTENSIONS;
+ init_flags |= GNUTLS_NO_DEFAULT_EXTENSIONS;
 if (HAVE_OPT(SINGLE_KEY_SHARE))
 init_flags |= GNUTLS_KEY_SHARE_TOP;
diff --git a/tests/status-request-revoked.c b/tests/status-request-revoked.c
index cf4c8fcb2a..657dd9faf3 100644
--- a/tests/status-request-revoked.c
+++ b/tests/status-request-revoked.c
@@ -51,7 +51,7 @@ int main(void)
 # include "utils.h"
 /* This program tests that the client does not send the
- * status request extension if GNUTLS_NO_EXTENSIONS is set.
+ * status request extension if GNUTLS_NO_DEFAULT_EXTENSIONS is set.
 */
 static void server_log_func(int level, const char *str)
diff --git a/tests/status-request.c b/tests/status-request.c
index 5c165ae5f0..5caeef2247 100644
--- a/tests/status-request.c
+++ b/tests/status-request.c
@@ -51,7 +51,7 @@ int main(void)
 # include "utils.h"
 /* This program tests that the client does not send the
- * status request extension if GNUTLS_NO_EXTENSIONS is set.
+ * status request extension if GNUTLS_NO_DEFAULT_EXTENSIONS is set.
 */
 static void server_log_func(int level, const char *str)
@@ -107,7 +107,7 @@ static void client(int fd, const char *prio)
 /* Initialize TLS session */
- assert(gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS) >=
+ assert(gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_NO_DEFAULT_EXTENSIONS) >=
 0);
 assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); |