handshake: simplified the server-side ciphersuite negotiation

This eliminates all the back and forth loops in the previous code while keeping the same ciphersuite selection checks in place. The ciphersuite selection tests that were kept: * Check if key exchange supports the server public key and key usage flags * Check if DH or other parameters required for the ciphersuite are present * Find appropriate certificate for the credentials and ciphersuite * Check whether a curve is negotiated for the ECDH ciphersuites Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-06-21 11:54:39 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-07-10 07:25:54 +0000
commit: dd3a25b5ced504489a5bf08eed12aa5261bd7c45 (patch)
tree: cdd251b0d879aeb928392b19bffa5dcc2fd32c57 /lib/constate.h
parent: 40ca6dc6830450cc02877d4af88e12a07bd6607f (diff)
download: gnutls-dd3a25b5ced504489a5bf08eed12aa5261bd7c45.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/constate.h b/lib/constate.h
index 773c36c6f2..a7a1bdd19b 100644
--- a/lib/constate.h
+++ b/lib/constate.h
@@ -25,6 +25,8 @@
 
 int _gnutls_set_cipher_suite(gnutls_session_t session,
 			     const uint8_t suite[2]);
+int _gnutls_set_cipher_suite2(gnutls_session_t session,
+			     const gnutls_cipher_suite_entry_st *cs);
 void _gnutls_epoch_set_null_algos(gnutls_session_t session,
 				  record_parameters_st * params);
 int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-06-21 11:54:39 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-07-10 07:25:54 +0000
commit	dd3a25b5ced504489a5bf08eed12aa5261bd7c45 (patch)
tree	cdd251b0d879aeb928392b19bffa5dcc2fd32c57 /lib/constate.h
parent	40ca6dc6830450cc02877d4af88e12a07bd6607f (diff)
download	gnutls-dd3a25b5ced504489a5bf08eed12aa5261bd7c45.tar.gz