libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit e5295880b97c77d225cc1ab284bcc98e954195aa
parent 7474a036d785d5c4f2e1c75410ebbbfee16ff168
Author: Christian Grothoff <christian@grothoff.org>
Date:   Tue, 18 Nov 2008 08:20:26 +0000

removing broken code for compress and useless -- equally broken -- options

Diffstat:
MChangeLog | 4++++
Mconfigure.ac | 9---------
Mdoc/microhttpd.texi | 152++++++++-----------------------------------------------------------------------
Msrc/daemon/connection_https.c | 15---------------
Msrc/daemon/daemon.c | 11-----------
Msrc/daemon/https/gnutls.h | 87++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------
Msrc/daemon/https/tls/Makefile.am | 4----
Msrc/daemon/https/tls/gnutls_algorithms.c | 134-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_cipher.c | 96+++----------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_cipher_int.c | 16----------------
Dsrc/daemon/https/tls/gnutls_compress.c | 80-------------------------------------------------------------------------------
Dsrc/daemon/https/tls/gnutls_compress.h | 31-------------------------------
Dsrc/daemon/https/tls/gnutls_compress_int.c | 296-------------------------------------------------------------------------------
Dsrc/daemon/https/tls/gnutls_compress_int.h | 49-------------------------------------------------
Msrc/daemon/https/tls/gnutls_constate.c | 29-----------------------------
Msrc/daemon/https/tls/gnutls_handshake.c | 17-----------------
Msrc/daemon/https/tls/gnutls_int.h | 2--
Msrc/daemon/https/tls/gnutls_record.c | 5+----
Msrc/daemon/https/tls/gnutls_state.c | 24------------------------
Msrc/include/microhttpd.h | 158-------------------------------------------------------------------------------
Msrc/testcurl/https/mhds_session_info_test.c | 48------------------------------------------------
21 files changed, 100 insertions(+), 1167 deletions(-)

diff --git a/ChangeLog b/ChangeLog @@ -1,3 +1,7 @@ +Tue Nov 18 01:19:53 MST 2008 + Removed support for untested and/or broken SSL features + and (largely useless) options. -CG + Sun Nov 16 16:54:54 MST 2008 Added option to get unparsed URI via callback. Releasing GNU libmicrohttpd 0.4.0pre1. -CG diff --git a/configure.ac b/configure.ac @@ -292,11 +292,6 @@ fi AM_CONDITIONAL(MHD_DEBUG_TLS, test "$enable_client_side" != "no") -# test for libz (optional feature for HTTPS) -zlib=1 -AC_CHECK_LIB(z, compress,,zlib=0) -AM_CONDITIONAL(HAVE_LIBZ, test x$zlib = x1) - # Symbols required by GNU_TLS AC_DEFINE([GNULIB_GC_RANDOM],[1],[GNULIB_GC_RANDOM]) @@ -369,10 +364,6 @@ then AC_MSG_NOTICE([HTTPS subsystem configuration: Client code dep.: ${MSG_CLIENT_SIDE} ]) - if test "$zlib" != 1 - then - AC_MSG_NOTICE([WARNING: deflate feature for HTTPS disabled (no zlib)]) - fi fi diff --git a/doc/microhttpd.texi b/doc/microhttpd.texi 
@@ -419,122 +419,6 @@ We had to close the session since @mhd{} was being shut down. @end table @end deftp - -@deftp {Enumeration} MHD_GNUTLS_CipherAlgorithm -List of symmetric ciphers. -Note that not all listed algorithms are necessarily supported by -all builds of MHD. - -@table @code -@item MHD_GNUTLS_CIPHER_UNKNOWN - -@item MHD_GNUTLS_CIPHER_NULL - -@item MHD_GNUTLS_CIPHER_ARCFOUR_128 - -@item MHD_GNUTLS_CIPHER_3DES_CBC - -@item MHD_GNUTLS_CIPHER_AES_128_CBC - -@item MHD_GNUTLS_CIPHER_AES_256_CBC - -@item MHD_GNUTLS_CIPHER_ARCFOUR_40 - -@item MHD_GNUTLS_CIPHER_RC2_40_CBC - -@item MHD_GNUTLS_CIPHER_DES_CBC - -@end table -@end deftp - - -@deftp {Enumeration} MHD_GNUTLS_KeyExchangeAlgorithm -List of key exchange algorithms. -Note that not all listed algorithms are necessarily supported by -all builds of MHD. - -@table @code - -@item MHD_GNUTLS_KX_UNKNOWN - -@item MHD_GNUTLS_KX_RSA - -@item MHD_GNUTLS_KX_DHE_DSS - -@item MHD_GNUTLS_KX_DHE_RSA - -@item MHD_GNUTLS_KX_ANON_DH - -@item MHD_GNUTLS_KX_SRP - -@item MHD_GNUTLS_KX_RSA_EXPORT - -@item MHD_GNUTLS_KX_SRP_RSA - -@item MHD_GNUTLS_KX_SRP_DSS -@end table -@end deftp - - -@deftp {Enumeration} MHD_GNUTLS_CredentialsType -Server credentials type (note that not all types -maybe supported by all MHD builds). - -@table @code -@item MHD_GNUTLS_CRD_CERTIFICATE -We have a x.509 certificate. - -@item MHD_GNUTLS_CRD_ANON -We have no certificate (anonymous). - -@item MHD_GNUTLS_CRD_SRP -We are using password-based authentication. - -@item MHD_GNUTLS_CRD_PSK -We are using pre-shared keys (PSK). - -@end table -@end deftp - - -@deftp {Enumeration} MHD_GNUTLS_HashAlgorithm -Enumeration of possible cryptographic hash functions (for MAC and -Digest operations). Note that not all listed algorithms are -necessarily supported by all builds of MHD. 
- -@table @code -@item MHD_GNUTLS_MAC_UNKNOWN - -@item MHD_GNUTLS_MAC_NULL - -@item MHD_GNUTLS_MAC_MD5 - -@item MHD_GNUTLS_MAC_SHA1 - -@item MHD_GNUTLS_MAC_SHA256 - -@end table -@end deftp - - -@deftp {Enumeration} MHD_GNUTLS_CompressionMethod -List of compression methods. Note that not all listed algorithms are -necessarily supported by all builds of MHD. - -@table @code -@item MHD_GNUTLS_COMP_UNKNOWN - -@item MHD_GNUTLS_COMP_NULL -No compression. - -@item MHD_GNUTLS_COMP_DEFLATE -gzip compression. - -@end table -@end deftp - - - @deftp {Enumeration} MHD_GNUTLS_Protocol SSL/TLS Protocol types. Note that not all listed algorithms are necessarily supported by all builds of MHD. @@ -552,14 +436,23 @@ necessarily supported by all builds of MHD. -@deftp {Enumeration} MHD_GNUTLS_PublicKeyAlgorithm -List of public key algorithms. Note that not all listed algorithms -are necessarily supported by all builds of MHD. +@deftp {Enumeration} MHD_GNUTLS_CipherAlgorithm +List of symmetric ciphers. +Note that not all listed algorithms are necessarily supported by +all builds of MHD. @table @code -@item MHD_GNUTLS_PK_UNKNOWN +@item MHD_GNUTLS_CIPHER_UNKNOWN -@item MHD_GNUTLS_PK_RSA +@item MHD_GNUTLS_CIPHER_NULL + +@item MHD_GNUTLS_CIPHER_ARCFOUR_128 + +@item MHD_GNUTLS_CIPHER_3DES_CBC + +@item MHD_GNUTLS_CIPHER_AES_128_CBC + +@item MHD_GNUTLS_CIPHER_AES_256_CBC @end table @end deftp 
@@ -575,26 +468,9 @@ connection is desired. What cipher algorithm is being used. Takes no extra arguments. -@item MHD_CONNECTION_INFO_KX_ALGO -What key exchange algorithm is being used. -Takes no extra arguments. - -@item MHD_CONNECTION_INFO_CREDENTIALS_TYPE -Takes no extra arguments. - -@item MHD_CONNECTION_INFO_MAC_ALGO -Takes no extra arguments. - -@item MHD_CONNECTION_INFO_COMPRESSION_METHOD, -What compression method is being used. -Takes no extra arguments. - @item MHD_CONNECTION_INFO_PROTOCOL, Takes no extra arguments. -@item MHD_CONNECTION_INFO_CERT_TYPE -Takes no extra arguments. - @end table @end deftp diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c @@ -60,24 +60,9 @@ MHD_get_connection_info (struct MHD_Connection *connection, case MHD_CONNECTION_INFO_CIPHER_ALGO: return (const union MHD_ConnectionInfo *) &connection->tls_session-> security_parameters.read_bulk_cipher_algorithm; - case MHD_CONNECTION_INFO_KX_ALGO: - return (const union MHD_ConnectionInfo *) &connection->tls_session-> - security_parameters.kx_algorithm; - case MHD_CONNECTION_INFO_CREDENTIALS_TYPE: - return (const union MHD_ConnectionInfo *) &connection->tls_session-> - key->cred->algorithm; - case MHD_CONNECTION_INFO_MAC_ALGO: - return (const union MHD_ConnectionInfo *) &connection->tls_session-> - security_parameters.read_mac_algorithm; - case MHD_CONNECTION_INFO_COMPRESSION_METHOD: - return (const union MHD_ConnectionInfo *) &connection->tls_session-> - security_parameters.read_compression_algorithm; case MHD_CONNECTION_INFO_PROTOCOL: return (const union MHD_ConnectionInfo *) &connection->tls_session-> security_parameters.version; - case MHD_CONNECTION_INFO_CERT_TYPE: - return (const union MHD_ConnectionInfo *) &connection->tls_session-> - security_parameters.cert_type; #endif default: return NULL; diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c 
@@ -885,21 +885,10 @@ MHD_start_daemon_va (unsigned int options, case MHD_OPTION_HTTPS_MEM_CERT: retVal->https_mem_cert = va_arg (ap, const char *); break; - case MHD_OPTION_CRED_TYPE: - retVal->cred_type = va_arg (ap, const int); - break; - case MHD_OPTION_KX_PRIORITY: - _set_priority (&retVal->priority_cache->kx, - va_arg (ap, const int *)); - break; case MHD_OPTION_CIPHER_ALGORITHM: _set_priority (&retVal->priority_cache->cipher, va_arg (ap, const int *)); break; - case MHD_OPTION_MAC_ALGO: - _set_priority (&retVal->priority_cache->mac, - va_arg (ap, const int *)); - break; #endif default: #if HAVE_MESSAGES diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h 
@@ -43,6 +43,84 @@ extern "C" #endif #endif + +/** + * List of key exchange algorithms. + * Note that not all listed algorithms are necessarily + * supported by all builds of MHD. + */ +enum MHD_GNUTLS_KeyExchangeAlgorithm +{ + MHD_GNUTLS_KX_UNKNOWN = 0, + MHD_GNUTLS_KX_RSA = 1, +}; + +/** + * Server credentials type (note that not all types + * maybe supported by all MHD builds). + */ +enum MHD_GNUTLS_CredentialsType +{ + /** + * We have a x.509 certificate. + */ + MHD_GNUTLS_CRD_CERTIFICATE = 1, + +}; + +/** + * Enumeration of possible cryptographic + * hash functions (for MAC and Digest operations). + * Note that not all listed algorithms are necessarily + * supported by all builds of MHD. + */ +enum MHD_GNUTLS_HashAlgorithm +{ + MHD_GNUTLS_MAC_UNKNOWN = 0, + MHD_GNUTLS_MAC_NULL = 1, + MHD_GNUTLS_MAC_MD5, + MHD_GNUTLS_MAC_SHA1, + MHD_GNUTLS_MAC_SHA256 +}; + +/** + * List of compression methods. + * Note that not all listed algorithms are necessarily + * supported by all builds of MHD. + */ +enum MHD_GNUTLS_CompressionMethod +{ + MHD_GNUTLS_COMP_UNKNOWN = 0, + + /** + * No compression. + */ + MHD_GNUTLS_COMP_NULL = 1, + +}; +/** + * Types of certificates. + */ +enum MHD_GNUTLS_CertificateType +{ + MHD_GNUTLS_CRT_UNKNOWN = 0, + MHD_GNUTLS_CRT_X509 = 1 +}; + +/** + * List of public key algorithms. + * Note that not all listed algorithms are necessarily + * supported by all builds of MHD. + */ +enum MHD_GNUTLS_PublicKeyAlgorithm +{ + MHD_GNUTLS_PK_UNKNOWN = 0, + MHD_GNUTLS_PK_RSA = 1, + MHD_GNUTLS_KX_RSA_EXPORT +}; + + + #define LIBGNUTLS_VERSION "2.2.3" /* Get size_t. */ 
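Review bot: `MHD_GNUTLS_KX_RSA_EXPORT` is declared as the last member of `enum MHD_GNUTLS_PublicKeyAlgorithm`, although it is a key-exchange identifier and the tables in gnutls_algorithms.c use it next to `MHD_GNUTLS_KX_RSA`. It compiles because C enumerators are plain ints, but it gets the implicit value 2 in the wrong type, so any switch or range check over `enum MHD_GNUTLS_KeyExchangeAlgorithm` will not know about it. If the export key exchange is meant to stay, declare it in the key-exchange enum, directly under `MHD_GNUTLS_KX_RSA = 1,`. Otherwise drop the enumerator together with its table entries. The comment on `MHD_GNUTLS_CredentialsType` also reads "maybe supported" where "may be supported" is meant.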
@@ -238,18 +316,9 @@ int MHD__gnutls_alert_send (MHD_gtls_session_t session, int MHD__gnutls_alert_send_appropriate (MHD_gtls_session_t session, int err); const char *MHD__gnutls_alert_get_name (MHD_gnutls_alert_description_t alert); -enum MHD_GNUTLS_CompressionMethod -MHD_gtls_compression_get (MHD_gtls_session_t session); size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); -/* the name of the specified algorithms */ -const char *MHD_gtls_compression_get_name (enum - MHD_GNUTLS_CompressionMethod - algorithm); -enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char - *name); - /* error functions */ int MHD_gtls_error_is_fatal (int error); int MHD_gtls_error_to_alert (int err, int *level); diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am @@ -34,8 +34,6 @@ gnutls_buffers.c \ gnutls_cert.c \ gnutls_cipher.c \ gnutls_cipher_int.c \ -gnutls_compress.c \ -gnutls_compress_int.c \ gnutls_constate.c \ gnutls_datum.c \ gnutls_dh.c \ @@ -75,8 +73,6 @@ gnutls_buffers.h \ gnutls_cert.h \ gnutls_cipher.h \ gnutls_cipher_int.h \ -gnutls_compress.h \ -gnutls_compress_int.h \ gnutls_constate.h \ gnutls_datum.h \ gnutls_dh.h \ diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c @@ -48,12 +48,6 @@ static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { {MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_CRD_CERTIFICATE, MHD_GNUTLS_CRD_CERTIFICATE}, - {MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_CRD_CERTIFICATE, - MHD_GNUTLS_CRD_CERTIFICATE}, - {MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_CRD_CERTIFICATE, - MHD_GNUTLS_CRD_CERTIFICATE}, {0, 0, 0} @@ -95,12 +89,6 @@ static const MHD_gnutls_pk_map MHD_gtls_pk_mappings[] = { {MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_PK_RSA, CIPHER_SIGN}, - {MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_PK_RSA, - CIPHER_SIGN}, - {MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_PK_RSA, - CIPHER_SIGN}, {0, 0, 0} 
@@ -207,13 +195,6 @@ static const MHD_gnutls_cipher_entry MHD_gtls_algorithms[] = { CIPHER_BLOCK, 8, 0}, - {"DES-CBC", - MHD_GNUTLS_CIPHER_DES_CBC, - 8, - 8, - CIPHER_BLOCK, - 8, - 0}, {"ARCFOUR-128", MHD_GNUTLS_CIPHER_ARCFOUR_128, 1, @@ -221,20 +202,6 @@ static const MHD_gnutls_cipher_entry MHD_gtls_algorithms[] = { CIPHER_STREAM, 0, 0}, - {"ARCFOUR-40", - MHD_GNUTLS_CIPHER_ARCFOUR_40, - 1, - 5, - CIPHER_STREAM, - 0, - 1}, - {"RC2-40", - MHD_GNUTLS_CIPHER_RC2_40_CBC, - 8, - 5, - CIPHER_BLOCK, - 8, - 1}, {"NULL", MHD_GNUTLS_CIPHER_NULL, 1, @@ -256,10 +223,7 @@ static const enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_supported_ciphers[] = { MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_CIPHER_3DES_CBC, - MHD_GNUTLS_CIPHER_DES_CBC, MHD_GNUTLS_CIPHER_ARCFOUR_128, - MHD_GNUTLS_CIPHER_ARCFOUR_40, - MHD_GNUTLS_CIPHER_RC2_40_CBC, MHD_GNUTLS_CIPHER_NULL, 0 }; @@ -332,10 +296,6 @@ MHD_gnutls_compression_entry MHD__gnutls_compression_algorithms[MAX_COMP_METHODS] = { GNUTLS_COMPRESSION_ENTRY (MHD_GNUTLS_COMP_NULL, 0x00, 0, 0, 0), -#ifdef HAVE_LIBZ - /* draft-ietf-tls-compression-02 */ - GNUTLS_COMPRESSION_ENTRY (MHD_GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3), -#endif { 0, 0, 0, 0, 0, 0} }; @@ -343,9 +303,6 @@ MHD_gnutls_compression_entry static const enum MHD_GNUTLS_CompressionMethod MHD_gtls_supported_compressions[] = { -#ifdef HAVE_LIBZ - MHD_GNUTLS_COMP_DEFLATE, -#endif MHD_GNUTLS_COMP_NULL, 0 }; @@ -389,16 +346,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { &MHD_rsa_export_auth_struct, 0, 1 /* needs RSA params */ }, - {"DHE-RSA", - MHD_GNUTLS_KX_DHE_RSA, - &MHD_gtls_dhe_rsa_auth_struct, - 1, - 0}, - {"DHE-DSS", - MHD_GNUTLS_KX_DHE_DSS, - &MHD_gtls_dhe_dss_auth_struct, - 1, - 0}, {0, 0, 0, @@ -411,8 +358,6 @@ static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = { MHD_GNUTLS_KX_RSA, MHD_GNUTLS_KX_RSA_EXPORT, - MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_KX_DHE_DSS, 0 }; 
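Review bot: `MHD_gtls_supported_ciphers[]` still ends with `MHD_GNUTLS_CIPHER_NULL` after this cleanup, and the `GNUTLS_RSA_NULL_MD5` suite remains as context in the cipher-suite table further down. A NULL bulk cipher gives no confidentiality, so a peer that negotiates it gets an "HTTPS" connection in clear text. Whether it is reachable by default depends on the priority cache, which is outside these hunks. Either remove the entry together with the 40-bit ciphers, or document the constraint at the array, for example `/* NULL: no encryption; must never appear in the default priority list */`.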
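Review bot: `MHD_GNUTLS_KX_RSA_EXPORT` stays in `MHD_gtls_supported_kxs[]`, and the same leftover is in the `MHD_gtls_cred_mappings`, `MHD_gtls_pk_mappings` and `MHD_gtls_kx_algorithms` hunks of this file. The commit removes the only export suite visible in the diff (`GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5`) and the 40-bit ciphers it relied on. Unless a suite outside the visible hunks still uses it, the export key exchange is now unreachable. Export-grade RSA is intentionally weak, so it should not be advertised as supported. I would reduce the list to `MHD_GNUTLS_KX_RSA, 0` and delete the matching `MHD_GNUTLS_KX_RSA_EXPORT` rows from the three tables.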
@@ -477,8 +422,6 @@ typedef struct #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 } #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A } -#define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 } - /* rfc3268: */ #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F } 
@@ -522,88 +465,11 @@ typedef struct #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { - /* SRP */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, - MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_SRP, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_SRP, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, - MHD_GNUTLS_CIPHER_3DES_CBC, - MHD_GNUTLS_KX_SRP_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, - MHD_GNUTLS_CIPHER_3DES_CBC, - MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_128_CBC, - MHD_GNUTLS_KX_SRP_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_128_CBC, - MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_256_CBC, - MHD_GNUTLS_KX_SRP_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_256_CBC, - MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - - /* DHE_DSS */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, - MHD_GNUTLS_CIPHER_ARCFOUR_128, - MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - GNUTLS_CIPHER_SUITE_ENTRY 
(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, - MHD_GNUTLS_CIPHER_3DES_CBC, - MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_128_CBC, - MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_256_CBC, - MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - /* DHE_RSA */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, - MHD_GNUTLS_CIPHER_3DES_CBC, - MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_128_CBC, - MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_256_CBC, - MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), /* RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, MHD_GNUTLS_CIPHER_NULL, MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, MHD_GNUTLS_PROTOCOL_SSL3), - - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, - MHD_GNUTLS_CIPHER_ARCFOUR_40, - MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, MHD_GNUTLS_CIPHER_ARCFOUR_128, MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c @@ -28,7 +28,6 @@ #include "gnutls_int.h" #include "gnutls_errors.h" -#include "gnutls_compress.h" #include "gnutls_cipher.h" #include "gnutls_algorithms.h" #include "gnutls_hash_int.h" 
@@ -41,27 +40,6 @@ #include "gnutls_constate.h" #include <gc.h> -inline static int -is_write_comp_null (MHD_gtls_session_t session) -{ - if (session->security_parameters.write_compression_algorithm == - MHD_GNUTLS_COMP_NULL) - return 0; - - return 1; -} - -inline static int -is_read_comp_null (MHD_gtls_session_t session) -{ - if (session->security_parameters.read_compression_algorithm == - MHD_GNUTLS_COMP_NULL) - return 0; - - return 1; -} - - /* returns ciphertext which contains the headers too. This also * calculates the size in the header field. * @@ -81,24 +59,8 @@ MHD_gtls_encrypt (MHD_gtls_session_t session, const opaque * headers, plain.data = (opaque *) data; plain.size = data_size; - if (plain.size == 0 || is_write_comp_null (session) == 0) - { - comp = plain; - free_comp = 0; - } - else - { - /* Here comp is allocated and must be - * freed. - */ - ret = MHD__gnutls_m_plaintext2compressed (session, &comp, &plain); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - + comp = plain; + free_comp = 0; ret = MHD_gtls_compressed2ciphertext (session, &ciphertext[headers_size], ciphertext_size - headers_size, comp, type, random_pad); @@ -128,9 +90,7 @@ MHD_gtls_decrypt (MHD_gtls_session_t session, opaque * ciphertext, size_t ciphertext_size, uint8_t * data, size_t max_data_size, content_type_t type) { - MHD_gnutls_datum_t gtxt; MHD_gnutls_datum_t gcipher; - int ret; if (ciphertext_size == 0) return 0; 
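Review bot: In `MHD_gtls_encrypt` the new lines `comp = plain; free_comp = 0;` leave two locals with no purpose: `comp` is only a copy of `plain`, and `free_comp` can never be non-zero. The function continues outside the hunk, so any `if (free_comp)` cleanup there is presumably dead as well. Passing `plain` straight to `MHD_gtls_compressed2ciphertext` and deleting both variables would make it clear that nothing is allocated on this path any more. A short comment such as `/* TLS compression is not supported; the record payload is encrypted as-is */` would also explain why the "compressed" helper names remain.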
@@ -138,59 +98,9 @@ MHD_gtls_decrypt (MHD_gtls_session_t session, opaque * ciphertext, gcipher.size = ciphertext_size; gcipher.data = ciphertext; - ret = + return MHD_gtls_ciphertext2compressed (session, data, max_data_size, gcipher, type); - if (ret < 0) - { - return ret; - } - - if (ret == 0 || is_read_comp_null (session) == 0) - { - /* ret == ret */ - - } - else - { - MHD_gnutls_datum_t gcomp; - - /* compression has this malloc overhead. - */ - - gcomp.data = data; - gcomp.size = ret; - ret = MHD__gnutls_m_compressed2plaintext (session, &gtxt, &gcomp); - if (ret < 0) - { - return ret; - } - - if (gtxt.size > MAX_RECORD_RECV_SIZE) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&gtxt); - /* This shouldn't have happen and - * is a TLS fatal error. - */ - return GNUTLS_E_DECOMPRESSION_FAILED; - } - - /* This check is not really needed */ - if (max_data_size < MAX_RECORD_RECV_SIZE) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&gtxt); - return GNUTLS_E_INTERNAL_ERROR; - } - - memcpy (data, gtxt.data, gtxt.size); - ret = gtxt.size; - - MHD__gnutls_free_datum (&gtxt); - } - - return ret; } inline static mac_hd_t diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c 
@@ -40,31 +40,15 @@ MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, case MHD_GNUTLS_CIPHER_AES_128_CBC: err = MHD_gc_cipher_open (GC_AES128, GC_CBC, &ret); break; - case MHD_GNUTLS_CIPHER_AES_256_CBC: err = MHD_gc_cipher_open (GC_AES256, GC_CBC, &ret); break; - case MHD_GNUTLS_CIPHER_3DES_CBC: err = MHD_gc_cipher_open (GC_3DES, GC_CBC, &ret); break; - - case MHD_GNUTLS_CIPHER_DES_CBC: - err = MHD_gc_cipher_open (GC_DES, GC_CBC, &ret); - break; - case MHD_GNUTLS_CIPHER_ARCFOUR_128: err = MHD_gc_cipher_open (GC_ARCFOUR128, GC_STREAM, &ret); break; - - case MHD_GNUTLS_CIPHER_ARCFOUR_40: - err = MHD_gc_cipher_open (GC_ARCFOUR40, GC_STREAM, &ret); - break; - - case MHD_GNUTLS_CIPHER_RC2_40_CBC: - err = MHD_gc_cipher_open (GC_ARCTWO40, GC_CBC, &ret); - break; - default: return NULL; } diff --git a/src/daemon/https/tls/gnutls_compress.c b/src/daemon/https/tls/gnutls_compress.c 
@@ -1,80 +0,0 @@ -/* - * Copyright (C) 2000, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains the functions which convert the TLS plaintext - * packet to TLS compressed packet. 
- */ - -#include "gnutls_int.h" -#include "gnutls_compress.h" -#include "gnutls_errors.h" -#include "gnutls_compress_int.h" - -/* These functions allocate the return value internally - */ -int -MHD__gnutls_m_plaintext2compressed (MHD_gtls_session_t session, - MHD_gnutls_datum_t * compressed, - const MHD_gnutls_datum_t * plaintext) -{ - int size; - opaque *data; - - size = - MHD_gtls_compress (session->connection_state.write_compression_state, - plaintext->data, plaintext->size, &data, - MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE); - if (size < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_COMPRESSION_FAILED; - } - compressed->data = data; - compressed->size = size; - - return 0; -} - -int -MHD__gnutls_m_compressed2plaintext (MHD_gtls_session_t session, - MHD_gnutls_datum_t * plain, - const MHD_gnutls_datum_t * compressed) -{ - int size; - opaque *data; - - size = - MHD_gtls_decompress (session->connection_state.read_compression_state, - compressed->data, compressed->size, &data, - MAX_RECORD_RECV_SIZE); - if (size < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_DECOMPRESSION_FAILED; - } - plain->data = data; - plain->size = size; - - return 0; -} diff --git a/src/daemon/https/tls/gnutls_compress.h b/src/daemon/https/tls/gnutls_compress.h 
@@ -1,31 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD__gnutls_m_plaintext2compressed (MHD_gtls_session_t session, - MHD_gnutls_datum_t * compressed, - const MHD_gnutls_datum_t * plaintext); -int MHD__gnutls_m_compressed2plaintext (MHD_gtls_session_t session, - MHD_gnutls_datum_t * plain, - const MHD_gnutls_datum_t * - compressed); diff --git a/src/daemon/https/tls/gnutls_compress_int.c b/src/daemon/https/tls/gnutls_compress_int.c 
@@ -1,296 +0,0 @@ -/* - * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_compress.h> -#include <gnutls_algorithms.h> -#include "gnutls_errors.h" - -/* The flag d is the direction (compress, decompress). Non zero is - * decompress. 
- */ -comp_hd_t -MHD_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod method, int d) -{ - comp_hd_t ret; - - ret = MHD_gnutls_malloc (sizeof (struct comp_hd_t_STRUCT)); - if (ret == NULL) - { - MHD_gnutls_assert (); - return NULL; - } - - ret->algo = method; - ret->handle = NULL; - - switch (method) - { -#ifdef HAVE_LIBZ - case MHD_GNUTLS_COMP_DEFLATE: - { - int window_bits, mem_level; - int comp_level; - int err; - z_stream *zhandle; - - window_bits = MHD_gtls_compression_get_wbits (method); - mem_level = MHD_gtls_compression_get_mem_level (method); - comp_level = MHD_gtls_compression_get_comp_level (method); - - ret->handle = MHD_gnutls_malloc (sizeof (z_stream)); - if (ret->handle == NULL) - { - MHD_gnutls_assert (); - goto cleanup_ret; - } - - zhandle = ret->handle; - - zhandle->zalloc = (alloc_func) 0; - zhandle->zfree = (free_func) 0; - zhandle->opaque = (voidpf) 0; - - if (d) - err = inflateInit2 (zhandle, window_bits); - else - err = deflateInit2 (zhandle, - comp_level, Z_DEFLATED, - window_bits, mem_level, Z_DEFAULT_STRATEGY); - if (err != Z_OK) - { - MHD_gnutls_assert (); - MHD_gnutls_free (ret->handle); - goto cleanup_ret; - } - break; - } -#endif - case MHD_GNUTLS_COMP_NULL: - break; - default: - /* not supported! */ - goto cleanup_ret; - } - return ret; - -cleanup_ret: - MHD_gnutls_free (ret); - return NULL; -} - -/* The flag d is the direction (compress, decompress). Non zero is - * decompress. 
- */ -void -MHD_gtls_comp_deinit (comp_hd_t handle, int d) -{ - if (handle != NULL) - { - switch (handle->algo) - { -#ifdef HAVE_LIBZ - int err; - case MHD_GNUTLS_COMP_DEFLATE: - if (d) - err = inflateEnd (handle->handle); - else - err = deflateEnd (handle->handle); - break; -#endif - default: - break; - } - MHD_gnutls_free (handle->handle); - MHD_gnutls_free (handle); - - } -} - -/* These functions are memory consuming - */ - -int -MHD_gtls_compress (comp_hd_t handle, const opaque * plain, - size_t plain_size, opaque ** compressed, - size_t max_comp_size) -{ - int compressed_size = GNUTLS_E_COMPRESSION_FAILED; - - /* NULL compression is not handled here - */ - if (handle == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - switch (handle->algo) - { - -#ifdef HAVE_LIBZ - case MHD_GNUTLS_COMP_DEFLATE: - { - uLongf size; - z_stream *zhandle; - int err; - - size = (plain_size + plain_size) + 10; - *compressed = MHD_gnutls_malloc (size); - if (*compressed == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - zhandle = handle->handle; - - zhandle->next_in = (Bytef *) plain; - zhandle->avail_in = plain_size; - zhandle->next_out = (Bytef *) * compressed; - zhandle->avail_out = size; - - err = deflate (zhandle, Z_SYNC_FLUSH); - - if (err != Z_OK || zhandle->avail_in != 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (*compressed); - *compressed = NULL; - return GNUTLS_E_COMPRESSION_FAILED; - } - - compressed_size = size - zhandle->avail_out; - break; - } -#endif - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } /* switch */ - - if ((size_t) compressed_size > max_comp_size) - { - MHD_gnutls_free (*compressed); - *compressed = NULL; - return GNUTLS_E_COMPRESSION_FAILED; - } - - return compressed_size; -} - - - -int -MHD_gtls_decompress (comp_hd_t handle, opaque * compressed, - size_t compressed_size, opaque ** plain, - size_t max_record_size) -{ - int plain_size = GNUTLS_E_DECOMPRESSION_FAILED; - - if 
(compressed_size > max_record_size + EXTRA_COMP_SIZE) - { - MHD_gnutls_assert (); - return GNUTLS_E_DECOMPRESSION_FAILED; - } - - /* NULL compression is not handled here - */ - - if (handle == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - switch (handle->algo) - { -#ifdef HAVE_LIBZ - case MHD_GNUTLS_COMP_DEFLATE: - { - int err; - uLongf out_size; - z_stream *zhandle; - unsigned int cur_pos; - - *plain = NULL; - out_size = compressed_size + compressed_size; - plain_size = 0; - - zhandle = handle->handle; - - zhandle->next_in = (Bytef *) compressed; - zhandle->avail_in = compressed_size; - - cur_pos = 0; - - do - { - out_size += 512; - *plain = MHD_gtls_realloc_fast (*plain, out_size); - if (*plain == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - zhandle->next_out = (Bytef *) (*plain + cur_pos); - zhandle->avail_out = out_size - cur_pos; - - err = inflate (zhandle, Z_SYNC_FLUSH); - - cur_pos = out_size - zhandle->avail_out; - - } - while ((err == Z_BUF_ERROR && zhandle->avail_out == 0 - && out_size < max_record_size) - || (err == Z_OK && zhandle->avail_in != 0)); - - if (err != Z_OK) - { - MHD_gnutls_assert (); - MHD_gnutls_free (*plain); - *plain = NULL; - return GNUTLS_E_DECOMPRESSION_FAILED; - } - - plain_size = out_size - zhandle->avail_out; - break; - } -#endif - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } /* switch */ - - if ((size_t) plain_size > max_record_size) - { - MHD_gnutls_assert (); - MHD_gnutls_free (*plain); - *plain = NULL; - return GNUTLS_E_DECOMPRESSION_FAILED; - } - - return plain_size; -} diff --git a/src/daemon/https/tls/gnutls_compress_int.h b/src/daemon/https/tls/gnutls_compress_int.h 
@@ -1,49 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_COMP_INT -# define GNUTLS_COMP_INT - -#ifdef HAVE_LIBZ -# include <zlib.h> -#endif - -#define GNUTLS_COMP_FAILED NULL - -typedef struct comp_hd_t_STRUCT -{ - void *handle; - enum MHD_GNUTLS_CompressionMethod algo; -} *comp_hd_t; - -comp_hd_t MHD_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod, int d); -void MHD_gtls_comp_deinit (comp_hd_t handle, int d); - -int MHD_gtls_decompress (comp_hd_t handle, opaque * compressed, - size_t compressed_size, opaque ** plain, - size_t max_record_size); -int MHD_gtls_compress (comp_hd_t, const opaque * plain, size_t plain_size, - opaque ** compressed, size_t max_comp_size); - -#endif diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c 
@@ -570,11 +570,6 @@ MHD_gtls_read_connection_state_init (MHD_gtls_session_t session) if (session->connection_state.read_cipher_state != NULL) MHD_gnutls_cipher_deinit (session->connection_state.read_cipher_state); - if (session->connection_state.read_compression_state != NULL) - MHD_gtls_comp_deinit (session->connection_state.read_compression_state, - 1); - - mac_size = MHD_gnutls_hash_get_algo_len (session-> security_parameters.read_mac_algorithm); @@ -656,16 +651,6 @@ MHD_gtls_read_connection_state_init (MHD_gtls_session_t session) return GNUTLS_E_INTERNAL_ERROR; } - session->connection_state.read_compression_state = - MHD_gtls_comp_init (session-> - security_parameters.read_compression_algorithm, 1); - - if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - } - return 0; } @@ -753,10 +738,6 @@ MHD_gtls_write_connection_state_init (MHD_gtls_session_t session) if (session->connection_state.write_cipher_state != NULL) MHD_gnutls_cipher_deinit (session->connection_state.write_cipher_state); - if (session->connection_state.write_compression_state != NULL) - MHD_gtls_comp_deinit (session->connection_state.write_compression_state, - 0); - mac_size = MHD_gnutls_hash_get_algo_len (session-> security_parameters.write_mac_algorithm); @@ -842,16 +823,6 @@ MHD_gtls_write_connection_state_init (MHD_gtls_session_t session) } - session->connection_state.write_compression_state = - MHD_gtls_comp_init (session-> - security_parameters.write_compression_algorithm, 0); - - if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - } - return 0; } diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c 
@@ -771,13 +771,6 @@ MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, session->internals.compression_method = method; MHD_gnutls_free (comps); - - MHD__gnutls_handshake_log - ("HSK[%x]: Selected Compression Method: %s\n", session, - MHD_gtls_compression_get_name (session-> - internals.compression_method)); - - return 0; } } @@ -2786,16 +2779,6 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, if (server) delete = check_server_params (session, kx, alg, alg_size); } - - /* These two SRP kx's are marked to require a CRD_CERTIFICATE, - (see cred_mappings in MHD_gnutls_algorithms.c), but it also - requires a SRP credential. Don't use SRP kx unless we have a - SRP credential too. */ - if (kx == MHD_GNUTLS_KX_SRP_RSA || kx == MHD_GNUTLS_KX_SRP_DSS) - { - delete = 1; - } - memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2); if (delete == 0) diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h @@ -360,8 +360,6 @@ typedef struct { cipher_hd_t write_cipher_state; cipher_hd_t read_cipher_state; - comp_hd_t read_compression_state; - comp_hd_t write_compression_state; MHD_gnutls_datum_t read_mac_secret; MHD_gnutls_datum_t write_mac_secret; uint64 read_sequence_number; diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c @@ -715,10 +715,7 @@ get_temp_recv_buffer (MHD_gtls_session_t session, MHD_gnutls_datum_t * tmp) { size_t max_record_size; - if (MHD_gtls_compression_get (session) != MHD_GNUTLS_COMP_NULL) - max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE; - else - max_record_size = MAX_RECORD_RECV_SIZE; + max_record_size = MAX_RECORD_RECV_SIZE; /* We allocate MAX_RECORD_RECV_SIZE length * because we cannot predict the output data by the record diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c 
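Review bot: The receive buffer sized in get_temp_recv_buffer (the gnutls_record.c hunk) no longer has the EXTRA_COMP_SIZE headroom, so whatever bounds an incoming record's length before it is copied into this buffer must now also be MAX_RECORD_RECV_SIZE; that check is not visible in this hunk and should be confirmed against the new size. The local `max_record_size` now only ever holds one constant, and the comment kept below it does not say why, so I would add `/* TLS compression is not supported, so no EXTRA_COMP_SIZE headroom is needed */` above the assignment. The function body continues outside the hunk, so the allocation and its callers could not be checked from here.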
@@ -88,18 +88,6 @@ MHD_gnutls_kx_get (MHD_gtls_session_t session) return session->security_parameters.kx_algorithm; } -/** - * MHD_gnutls_compression_get - Returns the currently used compression algorithm. - * @session: is a #MHD_gtls_session_t structure. - * - * Returns: the currently used compression method. - **/ -enum MHD_GNUTLS_CompressionMethod -MHD_gtls_compression_get (MHD_gtls_session_t session) -{ - return session->security_parameters.read_compression_algorithm; -} - /* Check if the given certificate type is supported. * This means that it is enabled by the priority functions, * and a matching certificate exists. @@ -242,11 +230,6 @@ MHD__gnutls_init (MHD_gtls_session_t * session, (*session)->security_parameters.read_mac_algorithm = (*session)->security_parameters.write_mac_algorithm = MHD_GNUTLS_MAC_NULL; - (*session)->security_parameters.read_compression_algorithm - = MHD_GNUTLS_COMP_NULL; - (*session)->security_parameters.write_compression_algorithm - = MHD_GNUTLS_COMP_NULL; - /* Initialize buffers */ MHD_gtls_buffer_init (&(*session)->internals.application_data_buffer); MHD_gtls_buffer_init (&(*session)->internals.handshake_data_buffer); @@ -348,13 +331,6 @@ MHD__gnutls_deinit (MHD_gtls_session_t session) if (session->connection_state.write_cipher_state != NULL) MHD_gnutls_cipher_deinit (session->connection_state.write_cipher_state); - if (session->connection_state.read_compression_state != NULL) - MHD_gtls_comp_deinit (session->connection_state.read_compression_state, - 1); - if (session->connection_state.write_compression_state != NULL) - MHD_gtls_comp_deinit (session->connection_state.write_compression_state, - 0); - MHD__gnutls_free_datum (&session->cipher_specs.server_write_mac_secret); MHD__gnutls_free_datum (&session->cipher_specs.client_write_mac_secret); MHD__gnutls_free_datum (&session->cipher_specs.server_write_IV); diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h 
@@ -413,31 +413,6 @@ enum MHD_OPTION MHD_OPTION_CIPHER_ALGORITHM = 13, /** - * Memory pointer to a zero (MHD_GNUTLS_KX_UNKNOWN) - * terminated (const) array of 'MHD_GNUTLS_KeyExchangeAlgorithm' representing the - * key exchange algorithm priority order to which the HTTPS daemon should adhere. - */ - MHD_OPTION_KX_PRIORITY = 14, - - /** - * Indicate which type of certificate this server will use, - * followed by a value of type 'enum MHD_GNUTLS_CertificateType'. - */ - MHD_OPTION_CERT_TYPE = 15, - - /** - * Specify the mac algorithm used by server. - * The argument should be of type "enum MHD_GNUTLS_MacAlgorithm" - */ - MHD_OPTION_MAC_ALGO = 16, - - /** - * Compression algorithm used by server. Should be followed by an - * option of type 'enum MHD_GNUTLS_CompressionMethod'. - */ - MHD_OPTION_TLS_COMP_ALGO = 17, - - /** * This value is used to indicate the end of the * list of vararg options. */ 
@@ -535,79 +510,6 @@ enum MHD_GNUTLS_CipherAlgorithm MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_CIPHER_AES_256_CBC, - MHD_GNUTLS_CIPHER_ARCFOUR_40, - MHD_GNUTLS_CIPHER_RC2_40_CBC = 90, - MHD_GNUTLS_CIPHER_DES_CBC -}; - -/** - * List of key exchange algorithms. - * Note that not all listed algorithms are necessarily - * supported by all builds of MHD. - */ -enum MHD_GNUTLS_KeyExchangeAlgorithm -{ - MHD_GNUTLS_KX_UNKNOWN = 0, - MHD_GNUTLS_KX_RSA = 1, - MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_KX_SRP, - MHD_GNUTLS_KX_RSA_EXPORT, - MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_KX_SRP_DSS -}; - -/** - * Server credentials type (note that not all types - * maybe supported by all MHD builds). - */ -enum MHD_GNUTLS_CredentialsType -{ - /** - * We have a x.509 certificate. - */ - MHD_GNUTLS_CRD_CERTIFICATE = 1, - -}; - -/** - * Enumeration of possible cryptographic - * hash functions (for MAC and Digest operations). - * Note that not all listed algorithms are necessarily - * supported by all builds of MHD. - */ -enum MHD_GNUTLS_HashAlgorithm -{ - MHD_GNUTLS_MAC_UNKNOWN = 0, - MHD_GNUTLS_MAC_NULL = 1, - MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_MAC_SHA1, - MHD_GNUTLS_MAC_SHA256 -#if 0 - /* unsupported */ - MHD_GNUTLS_MAC_SHA384, - MHD_GNUTLS_MAC_SHA512 -#endif -}; - -/** - * List of compression methods. - * Note that not all listed algorithms are necessarily - * supported by all builds of MHD. - */ -enum MHD_GNUTLS_CompressionMethod -{ - MHD_GNUTLS_COMP_UNKNOWN = 0, - - /** - * No compression. - */ - MHD_GNUTLS_COMP_NULL = 1, - - /** - * gzip compression. - */ - MHD_GNUTLS_COMP_DEFLATE }; /** 
@@ -626,30 +528,6 @@ enum MHD_GNUTLS_Protocol }; /** - * Types of certificates. - */ -enum MHD_GNUTLS_CertificateType -{ - MHD_GNUTLS_CRT_UNKNOWN = 0, - MHD_GNUTLS_CRT_X509 = 1 -}; - -/** - * List of public key algorithms. - * Note that not all listed algorithms are necessarily - * supported by all builds of MHD. - */ -enum MHD_GNUTLS_PublicKeyAlgorithm -{ - MHD_GNUTLS_PK_UNKNOWN = 0, - MHD_GNUTLS_PK_RSA = 1 -#if 0 - /* unsupported */ - MHD_GNUTLS_PK_DSA -#endif -}; - -/** * Values of this enum are used to specify what * information about a connection is desired. */ @@ -662,40 +540,10 @@ enum MHD_ConnectionInfoType MHD_CONNECTION_INFO_CIPHER_ALGO, /** - * What key exchange algorithm is being used. - * Takes no extra arguments. - */ - MHD_CONNECTION_INFO_KX_ALGO, - - /** - * - * Takes no extra arguments. - */ - MHD_CONNECTION_INFO_CREDENTIALS_TYPE, - - /** - * - * Takes no extra arguments. - */ - MHD_CONNECTION_INFO_MAC_ALGO, - - /** - * What compression method is being used. - * Takes no extra arguments. - */ - MHD_CONNECTION_INFO_COMPRESSION_METHOD, - - /** * * Takes no extra arguments. */ MHD_CONNECTION_INFO_PROTOCOL, - - /** - * - * Takes no extra arguments. - */ - MHD_CONNECTION_INFO_CERT_TYPE }; /** @@ -1260,13 +1108,7 @@ int MHD_destroy_post_processor (struct MHD_PostProcessor *pp); union MHD_ConnectionInfo { enum MHD_GNUTLS_CipherAlgorithm cipher_algorithm; - enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; - enum MHD_GNUTLS_CredentialsType credentials_type; - enum MHD_GNUTLS_HashAlgorithm mac_algorithm; - enum MHD_GNUTLS_CompressionMethod compression_method; enum MHD_GNUTLS_Protocol protocol; - enum MHD_GNUTLS_CertificateType certificate_type; - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; }; /** diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c 
@@ -82,34 +82,6 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, if (MHD_get_connection_info (connection, - MHD_CONNECTION_INFO_KX_ALGO)->kx_algorithm != MHD_GNUTLS_KX_RSA) - { - fprintf (stderr, "Error: requested key exchange mismatch. %s\n", - strerror (errno)); - return -1; - } - - if (MHD_get_connection_info - (connection, - MHD_CONNECTION_INFO_MAC_ALGO)->mac_algorithm != MHD_GNUTLS_MAC_SHA1) - { - fprintf (stderr, "Error: requested mac algorithm mismatch. %s\n", - strerror (errno)); - return -1; - } - - if (MHD_get_connection_info - (connection, - MHD_CONNECTION_INFO_COMPRESSION_METHOD)->compression_method != - MHD_GNUTLS_COMP_NULL) - { - fprintf (stderr, "Error: requested compression mismatch. %s\n", - strerror (errno)); - return -1; - } - - if (MHD_get_connection_info - (connection, MHD_CONNECTION_INFO_PROTOCOL)->protocol != MHD_GNUTLS_PROTOCOL_SSL3) { fprintf (stderr, "Error: requested compression mismatch. %s\n", @@ -117,26 +89,6 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, return -1; } - if (MHD_get_connection_info - (connection, - MHD_CONNECTION_INFO_CERT_TYPE)->certificate_type != - MHD_GNUTLS_CRT_X509) - { - fprintf (stderr, "Error: requested certificate mismatch. %s\n", - strerror (errno)); - return -1; - } - - if (MHD_get_connection_info - (connection, - MHD_CONNECTION_INFO_CREDENTIALS_TYPE)->credentials_type != - MHD_GNUTLS_CRD_CERTIFICATE) - { - fprintf (stderr, "Error: requested certificate mismatch. %s\n", - strerror (errno)); - return -1; - } - response = MHD_create_response_from_data (strlen (EMPTY_PAGE), (void *) EMPTY_PAGE, MHD_NO, MHD_NO);