[Pkg-gnutls-commits] r249 - in /packages/gnutls13/trunk/debian: changelog patches/18_negotiate_cypher.diff

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Sat Nov 11 16:12:12 CET 2006


Author: ametzler
Date: Sat Nov 11 16:12:12 2006
New Revision: 249

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=249
Log:
When a GnuTLS server receives an SSLv2 Client Hello for an unknown TLS version, try to negotiate the highest version supported by the GnuTLS server, instead of the lowest.

Added:
    packages/gnutls13/trunk/debian/patches/18_negotiate_cypher.diff
Modified:
    packages/gnutls13/trunk/debian/changelog

Modified: packages/gnutls13/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls13/trunk/debian/changelog?rev=249&op=diff
==============================================================================
--- packages/gnutls13/trunk/debian/changelog (original)
+++ packages/gnutls13/trunk/debian/changelog Sat Nov 11 16:12:12 2006
@@ -1,8 +1,11 @@
-gnutls13 (1.4.4-3) UNRELEASED; urgency=low
-
-  * NOT RELEASED YET
-
- -- Andreas Metzler <ametzler at debian.org>  Sat, 14 Oct 2006 15:44:29 +0200
+gnutls13 (1.4.4-3) unstable; urgency=low
+
+  * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
+       When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
+       version, try to negotiate the highest version support by the GnuTLS
+       server, instead of the lowest.
+
+ -- Andreas Metzler <ametzler at debian.org>  Sat, 11 Nov 2006 10:35:29 +0100
 
 gnutls13 (1.4.4-2) unstable; urgency=low
 

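Review bot: The new changelog entry describes a change to protocol version negotiation, but the patch it pulls is named 18_negotiate_cypher.diff, which reads as a cipher-selection change; a name that mentions the version would keep the patch list honest about what it touches. The entry wording also wants "receives" and "highest version supported by", and the leading slash in "/patches/18_negotiate_cypher.diff" is misleading because the file is added under debian/patches. Since the entry changes which protocol version the server answers with for SSLv2-format hellos, it would help to say that in those words so anyone scanning the changelog for negotiation behaviour finds it.
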
Added: packages/gnutls13/trunk/debian/patches/18_negotiate_cypher.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls13/trunk/debian/patches/18_negotiate_cypher.diff?rev=249&op=file
==============================================================================
--- packages/gnutls13/trunk/debian/patches/18_negotiate_cypher.diff (added)
+++ packages/gnutls13/trunk/debian/patches/18_negotiate_cypher.diff Sat Nov 11 16:12:12 2006
@@ -1,0 +1,40 @@
+Pulled from gnutls 1.4.5:
+ 
+ ** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
+ ** version, try to negotiate the highest version support by the GnuTLS server,
+ ** instead of the lowest.
+ 
+ Reported by <Pasi.Eronen at nokia.com>.
+--- gnutls-1.4.4/lib/gnutls_v2_compat.c	2006-03-08 11:44:59.000000000 +0100
++++ gnutls-1.4.5/lib/gnutls_v2_compat.c	2006-11-06 12:18:25.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2001, 2004, 2005 Free Software Foundation
++ * Copyright (C) 2001, 2004, 2005, 2006 Free Software Foundation
+  *
+  * Author: Nikos Mavroyanopoulos
+  *
+@@ -117,11 +117,21 @@
+ 
+   version = _gnutls_version_get (data[pos], data[pos + 1]);
+ 
+-  /* if we do not support that version  
++  /* if we do not support that version
+    */
+   if (_gnutls_version_is_supported (session, version) == 0)
+     {
+-      ver = _gnutls_version_lowest (session);
++      /* If he requested something we do not support
++       * then we send him the highest we support.
++       */
++      ver = _gnutls_version_max (session);
++      if (ver == GNUTLS_VERSION_UNKNOWN)
++	{
++	  /* this check is not really needed.
++	   */
++	  gnutls_assert ();
++	  return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
++	}
+     }
+   else
+     {
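
Review bot: In the fallback branch of the gnutls_v2_compat.c hunk (@@ -117,11 +117,21 @@), the new GNUTLS_VERSION_UNKNOWN check returns GNUTLS_E_UNKNOWN_CIPHER_SUITE, which reports a cipher-suite problem for what is a protocol-version failure; anyone triaging handshake errors from logs will be pointed at the wrong setting, so a version-related error code would fit better here. The comment "this check is not really needed" should either state the invariant it relies on (why _gnutls_version_max cannot return unknown for this session) or be dropped, because as written it invites someone to delete a defensive check on a negotiation path. The comment "If he requested something we do not support" also covers two different cases, a client version above the server's highest and one below its lowest; it is worth a line saying what is expected in the second case, where the server now answers with a version higher than the client asked for.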



