gnutls_priority.c File Reference

#include "gnutls_int.h"
#include "gnutls_algorithms.h"
#include "gnutls_errors.h"
#include <gnutls_num.h>

Include dependency graph for gnutls_priority.c:

Go to the source code of this file.

Defines

#define MAX_ELEMENTS   48

Functions

static int _set_priority (MHD_gtls_priority_st *st, const int *list)
int MHD__gnutls_priority_set (MHD_gtls_session_t session, MHD_gnutls_priority_t priority)
int MHD_tls_set_default_priority (MHD_gnutls_priority_t *priority_cache, const char *priorities, const char **err_pos)
void MHD__gnutls_priority_deinit (MHD_gnutls_priority_t priority_cache)
int MHD__gnutls_priority_set_direct (MHD_gtls_session_t session, const char *priorities, const char **err_pos)

Variables

static const int MHD_gtls_protocol_priority []
static const int MHD_gtls_cipher_priority_secure256 []
static const int MHD_gtls_kx_priority_secure []
static const int MHD_gtls_mac_priority_secure []
static int MHD_gtls_cert_type_priority []
static const int MHD_gtls_comp_priority []


Define Documentation

#define MAX_ELEMENTS   48

Definition at line 33 of file gnutls_priority.c.


Function Documentation

static int _set_priority ( MHD_gtls_priority_st st,
const int *  list 
) [static]

Definition at line 36 of file gnutls_priority.c.

References MAX_ALGOS, MHD_gtls_priority_st::num_algorithms, and MHD_gtls_priority_st::priority.

Referenced by MHD_start_daemon_va(), and MHD_tls_set_default_priority().

Here is the caller graph for this function:

void MHD__gnutls_priority_deinit ( MHD_gnutls_priority_t  priority_cache  ) 

MHD__gnutls_priority_deinit - Deinitialize the priorities cache for the cipher suites supported by gnutls. : is a MHD_gnutls_prioritity_t structure.

Deinitializes the priority cache.

Definition at line 199 of file gnutls_priority.c.

References MHD_gnutls_free.

Referenced by MHD__gnutls_priority_set_direct(), and MHD_stop_daemon().

Here is the caller graph for this function:

int MHD__gnutls_priority_set ( MHD_gtls_session_t  session,
MHD_gnutls_priority_t  priority 
)

MHD__gnutls_priority_set - Sets priorities for the cipher suites supported by gnutls. : is a MHD_gtls_session_t structure. : is a MHD_gnutls_priority_t structure.

Sets the priorities to use on the ciphers, key exchange methods, macs and compression methods.

On success 0 is returned.

Definition at line 86 of file gnutls_priority.c.

References GNUTLS_E_NO_CIPHER_SUITES, MHD_gtls_session_int::internals, MHD_gnutls_assert, and MHD_gtls_internals_st::priorities.

Referenced by MHD__gnutls_priority_set_direct(), and MHD_accept_connection().

Here is the caller graph for this function:

int MHD__gnutls_priority_set_direct ( MHD_gtls_session_t  session,
const char *  priorities,
const char **  err_pos 
)

MHD__gnutls_priority_set_direct - Sets priorities for the cipher suites supported by gnutls. : is a MHD_gtls_session_t structure. : is a string describing priorities : In case of an error this will have the position in the string the error occured

Sets the priorities to use on the ciphers, key exchange methods, macs and compression methods. This function avoids keeping a priority cache and is used to directly set string priorities to a TLS session. For documentation check the MHD_tls_set_default_priority().

On syntax error GNUTLS_E_INVALID_REQUEST is returned and 0 on success.

Definition at line 219 of file gnutls_priority.c.

References MHD__gnutls_priority_deinit(), MHD__gnutls_priority_set(), MHD_gnutls_assert, and MHD_tls_set_default_priority().

Here is the call graph for this function:

int MHD_tls_set_default_priority ( MHD_gnutls_priority_t priority_cache,
const char *  priorities,
const char **  err_pos 
)

MHD_tls_set_default_priority - Sets priorities for the cipher suites supported by gnutls. : is a MHD_gnutls_prioritity_t structure. : is a string describing priorities : In case of an error this will have the position in the string the error occured

Sets priorities for the ciphers, key exchange methods, macs and compression methods. This is to avoid using the MHD_gnutls_*_priority() functions.

The priorities option allows you to specify a semi-colon separated list of the cipher priorities to enable.

Unless the first keyword is "NONE" the defaults are: Protocols: TLS1.1, TLS1.0, and SSL3.0. Compression: NULL. Certificate types: X.509, OpenPGP.

You can also use predefined sets of ciphersuites: "PERFORMANCE" all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by terms of speed performance.

"NORMAL" option enables all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.

"SECURE128" flag enables all "secure" ciphersuites with ciphers up to 128 bits, sorted by security margin.

"SECURE256" flag enables all "secure" ciphersuites including the 256 bit ciphers, sorted by security margin.

"EXPORT" all the ciphersuites are enabled, including the low-security 40 bit ciphers.

"NONE" nothing is enabled. This disables even protocols and compression methods.

Special keywords: '!' or '-' appended with an algorithm will remove this algorithm. '+' appended with an algorithm will add this algorithm. 'COMPAT' will enable compatibility features for a server.

To avoid collisions in order to specify a compression algorithm in this string you have to prefix it with "COMP-", protocol versions with "VERS-" and certificate types with "CTYPE-". All other algorithms don't need a prefix.

For key exchange algorithms when in NORMAL or SECURE levels the perfect forward secrecy algorithms take precendence of the other protocols. In all cases all the supported key exchange algorithms are enabled (except for the RSA-EXPORT which is only enabled in EXPORT level).

Note that although one can select very long key sizes (such as 256 bits) for symmetric algorithms, to actually increase security the public key algorithms have to use longer key sizes as well.

Examples: "NORMAL:!AES-128-CBC", "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE:+CTYPE-OPENPGP", "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL", "NORMAL", "NORMAL:%COMPAT".

Returns: On syntax error GNUTLS_E_INVALID_REQUEST is returned and 0 on success.

Definition at line 167 of file gnutls_priority.c.

References _set_priority(), GNUTLS_E_MEMORY_ERROR, MHD_gnutls_assert, MHD_gnutls_calloc, MHD_gtls_cert_type_priority, MHD_gtls_cipher_priority_secure256, MHD_gtls_comp_priority, MHD_gtls_kx_priority_secure, MHD_gtls_mac_priority_secure, and MHD_gtls_protocol_priority.

Referenced by MHD__gnutls_priority_set_direct(), and MHD_start_daemon_va().

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

Initial value:

Definition at line 66 of file gnutls_priority.c.

Referenced by MHD_tls_set_default_priority().

const int MHD_gtls_cipher_priority_secure256[] [static]

Initial value:

Definition at line 53 of file gnutls_priority.c.

Referenced by MHD_tls_set_default_priority().

const int MHD_gtls_comp_priority[] [static]

Initial value:

Definition at line 70 of file gnutls_priority.c.

Referenced by MHD_tls_set_default_priority().

const int MHD_gtls_kx_priority_secure[] [static]

Initial value:

Definition at line 58 of file gnutls_priority.c.

Referenced by MHD_tls_set_default_priority().

const int MHD_gtls_mac_priority_secure[] [static]

Initial value:

Definition at line 62 of file gnutls_priority.c.

Referenced by MHD_tls_set_default_priority().

const int MHD_gtls_protocol_priority[] [static]


Generated on Fri Feb 27 18:32:13 2009 for GNU libmicrohttpd by  doxygen 1.5.7.1