Patch for GnuTLS 2.10.2
Simon Josefsson
simon at josefsson.org
Mon Dec 12 13:23:40 CET 2011
Hi Alexander. I'm redirecting this to gnutls-devel since the
gnutls-commit list is a list for automatic postings only. Thank you for
the contribution -- to include it however we need some paperwork to
transfer the copyright. Please fill out and follow the instructions in
this form:
http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/request-assign.future
If you only want to assign this contribution and not any future ones,
there is this form:
http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/request-assign.changes
/Simon
mån 2011-12-12 klockan 12:13 +0100 skrev
Alexander.von-Klinski at bardenheuer.de:
> Dear all at the list,
>
> Dear Simon,
>
>
>
> On behalf of our client and in the name of my colleague who did the
> job I would like to contribute a modification of the GnuTLS 2.10.2
> where we added a RSA-PSK key exchange.
>
>
>
> Find attached the new source files auth_rsa.h and auth_rsa_psk.c, the
> gnutls.diff and the log files from validation.
>
> See also the info from below.
>
> The diff must be performed with patch -p1 -c -l -R < gnutls.diff
>
>
>
> Hopefully someone will pick up our work and will find the right place
> for it.
>
> Feedback is welcome…
>
>
>
>
>
> Best regards,
>
>
>
> Alexander von Klinski
>
> Alexander von Klinski
>
> Geschäftsstellenleiter Berlin
> Vice President – Mobile Computing & eID
>
> Bardenheuer GmbH (ALTEN Group)
> Am Borsigturm 11
> D - 13507 Berlin
>
> Tel: +49 (0)30 - 43 09 45 9 - 0
> Fax: +49 (0)30 - 43 09 45 9 - 9
> Mobil: +49 (0)172- 388 75 06
>
> E-Mail: alexander.von-klinski at bardenheuer.de
> Web: http://www.bardenheuer.de
>
> Geschäftsführer: Reiner Bardenheuer und Yves-Antoine Brun
> Registergericht: München
> Registriernummer: HRB 107560
> Umsatzsteuer-Identifikationsnummer: DE 1670 1468 5
>
>
>
> ---
>
>
>
> Intention to extend GnuTLS 2.10.2 was the need for RSA-PSK key
> exchange.
>
>
> The implementation is based on the descriptions in RFC 5246 and RFC
> 4279 respectively.
>
>
>
> To implement the new functionality the following files were added:
> - .../lib/auth_rsa.h
> - .../lib/auth_rsa_psk.c
>
>
>
>
>
> To integrate the new functionality into the existing GnuTLS the
> following files were modified:
> - .../lib/Makefile.am
> - .../lib/Makefile.in
> - .../lib/auth_psk.c
> - .../lib/auth_psk.h
> - .../lib/auth_rsa.c
> - .../lib/gnutls_algorithms.c
> - .../lib/gnutls_priority.c
> - .../lib/gnutls_state.c
> - .../lib/includes/gnutls/gnutls.h.in
>
>
>
>
>
> For testing purposes client and server were used as they are built in
> the context of the GnuTLS build process.
>
>
>
>
>
> The client was called this way:
> gnutls-cli 127.0.0.1 -p 5556 -d 9 --priority NORMAL:
> +RSA-PSK:-RSA:-DHE-RSA:-DHE-PSK:-PSK:-DHE-DSS --pskusername <user>
> --pskkey <key> --insecure
>
>
>
>
>
> The server was called this way:
> gnutls-serv --echo -p 5556 -d 9 --priority NORMAL:
> +RSA-PSK:-RSA:-DHE-RSA:-DHE-PSK:-PSK:-DHE-DSS --x509cafile <file1>
> --x509keyfile <file2> --x509certfile <file3> --pskpasswd <file4>
>
>
>
>
>
> In the client respectively server logs (see attachments) it can be
> seen that the correct key exchange algorithm and cipher suite were
> used.
>
>
>
>
>
> ---------------------------------------------------------------------------------------------------
>
>
>
>
>
> *** new/lib/Makefile.am 2011-10-21 16:22:54.000000000 +0200
> --- old/lib/Makefile.am 2010-08-01 22:37:50.000000000 +0200
> ***************
> *** 60,66 ****
> auth_srp_sb64.c auth_srp_rsa.c
>
> PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
> ! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c
>
> OPRFI_COBJECTS = ext_oprfi.c
>
> --- 60,66 ----
> auth_srp_sb64.c auth_srp_rsa.c
>
> PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
> ! auth_dhe_psk.c gnutls_psk_netconf.c
>
> OPRFI_COBJECTS = ext_oprfi.c
>
> ***************
> *** 103,109 ****
> gnutls_helper.h auth_psk.h auth_psk_passwd.h \
> gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
> ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
> ! ext_safe_renegotiation.h auth_rsa.h
>
> # Separate so we can create the documentation
>
> --- 103,109 ----
> gnutls_helper.h auth_psk.h auth_psk_passwd.h \
> gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
> ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
> ! ext_safe_renegotiation.h
>
> # Separate so we can create the documentation
>
> *** new/lib/Makefile.in 2011-10-31 11:12:46.000000000 +0100
> --- old/lib/Makefile.in 2010-09-30 08:43:01.000000000 +0200
> ***************
> *** 180,192 ****
> gnutls_helper.h auth_psk.h auth_psk_passwd.h \
> gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
> ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
> ! ext_safe_renegotiation.h auth_rsa.h gnutls_record.c \
> ! gnutls_compress.c debug.c gnutls_cipher.c gnutls_buffers.c \
> ! gnutls_handshake.c gnutls_num.c gnutls_errors.c \
> ! gnutls_algorithms.c gnutls_dh.c gnutls_kx.c gnutls_priority.c \
> ! gnutls_hash_int.c gnutls_cipher_int.c gnutls_session.c \
> ! gnutls_db.c x509_b64.c auth_anon.c gnutls_extensions.c \
> ! gnutls_auth.c gnutls_v2_compat.c gnutls_datum.c auth_rsa.c \
> gnutls_session_pack.c gnutls_mpi.c gnutls_pk.c gnutls_cert.c \
> gnutls_global.c gnutls_constate.c gnutls_anon_cred.c \
> pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c auth_cert.c \
> --- 180,192 ----
> gnutls_helper.h auth_psk.h auth_psk_passwd.h \
> gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
> ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
> ! ext_safe_renegotiation.h gnutls_record.c gnutls_compress.c \
> ! debug.c gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c \
> ! gnutls_num.c gnutls_errors.c gnutls_algorithms.c gnutls_dh.c \
> ! gnutls_kx.c gnutls_priority.c gnutls_hash_int.c \
> ! gnutls_cipher_int.c gnutls_session.c gnutls_db.c x509_b64.c \
> ! auth_anon.c gnutls_extensions.c gnutls_auth.c \
> ! gnutls_v2_compat.c gnutls_datum.c auth_rsa.c \
> gnutls_session_pack.c gnutls_mpi.c gnutls_pk.c gnutls_cert.c \
> gnutls_global.c gnutls_constate.c gnutls_anon_cred.c \
> pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c auth_cert.c \
> ***************
> *** 200,207 ****
> crypto-api.c ext_safe_renegotiation.c ext_oprfi.c ext_srp.c \
> gnutls_srp.c auth_srp.c auth_srp_passwd.c auth_srp_sb64.c \
> auth_srp_rsa.c auth_psk.c auth_psk_passwd.c gnutls_psk.c \
> ! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c \
> ! ext_session_ticket.c gnutls.asn pkix.asn libgnutls.map
> am__objects_1 =
> am__objects_2 = ext_oprfi.lo
> @ENABLE_OPRFI_TRUE at am__objects_3 = $(am__objects_2)
> --- 200,207 ----
> crypto-api.c ext_safe_renegotiation.c ext_oprfi.c ext_srp.c \
> gnutls_srp.c auth_srp.c auth_srp_passwd.c auth_srp_sb64.c \
> auth_srp_rsa.c auth_psk.c auth_psk_passwd.c gnutls_psk.c \
> ! auth_dhe_psk.c gnutls_psk_netconf.c ext_session_ticket.c \
> ! gnutls.asn pkix.asn libgnutls.map
> am__objects_1 =
> am__objects_2 = ext_oprfi.lo
> @ENABLE_OPRFI_TRUE at am__objects_3 = $(am__objects_2)
> ***************
> *** 227,233 ****
> am__objects_5 = ext_srp.lo gnutls_srp.lo auth_srp.lo \
> auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo
> am__objects_6 = auth_psk.lo auth_psk_passwd.lo gnutls_psk.lo \
> ! auth_dhe_psk.lo gnutls_psk_netconf.lo auth_rsa_psk.lo
> am__objects_7 = ext_session_ticket.lo
> am_libgnutls_la_OBJECTS = $(am__objects_1) $(am__objects_4) \
> $(am__objects_5) $(am__objects_6) $(am__objects_7)
> --- 227,233 ----
> am__objects_5 = ext_srp.lo gnutls_srp.lo auth_srp.lo \
> auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo
> am__objects_6 = auth_psk.lo auth_psk_passwd.lo gnutls_psk.lo \
> ! auth_dhe_psk.lo gnutls_psk_netconf.lo
> am__objects_7 = ext_session_ticket.lo
> am_libgnutls_la_OBJECTS = $(am__objects_1) $(am__objects_4) \
> $(am__objects_5) $(am__objects_6) $(am__objects_7)
> ***************
> *** 995,1001 ****
> auth_srp_sb64.c auth_srp_rsa.c
>
> PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
> ! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c
>
> OPRFI_COBJECTS = ext_oprfi.c
> SESSION_TICKET_COBJECTS = ext_session_ticket.c
> --- 995,1001 ----
> auth_srp_sb64.c auth_srp_rsa.c
>
> PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
> ! auth_dhe_psk.c gnutls_psk_netconf.c
>
> OPRFI_COBJECTS = ext_oprfi.c
> SESSION_TICKET_COBJECTS = ext_session_ticket.c
> ***************
> *** 1032,1038 ****
> gnutls_helper.h auth_psk.h auth_psk_passwd.h \
> gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
> ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
> ! ext_safe_renegotiation.h auth_rsa.h
>
>
> # Separate so we can create the documentation
> --- 1032,1038 ----
> gnutls_helper.h auth_psk.h auth_psk_passwd.h \
> gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
> ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
> ! ext_safe_renegotiation.h
>
>
> # Separate so we can create the documentation
> ***************
> *** 1168,1174 ****
> @AMDEP_TRUE@@am__include@
> @am__quote at ./$(DEPDIR)/auth_psk_passwd.Plo at am__quote@
> @AMDEP_TRUE@@am__include@
> @am__quote at ./$(DEPDIR)/auth_rsa.Plo at am__quote@
> @AMDEP_TRUE@@am__include@
> @am__quote at ./$(DEPDIR)/auth_rsa_export.Plo at am__quote@
> - @AMDEP_TRUE@@am__include@
> @am__quote at ./$(DEPDIR)/auth_rsa_psk.Plo at am__quote@
> @AMDEP_TRUE@@am__include@
> @am__quote at ./$(DEPDIR)/auth_srp.Plo at am__quote@
> @AMDEP_TRUE@@am__include@
> @am__quote at ./$(DEPDIR)/auth_srp_passwd.Plo at am__quote@
> @AMDEP_TRUE@@am__include@
> @am__quote at ./$(DEPDIR)/auth_srp_rsa.Plo at am__quote@
> --- 1168,1173 ----
> *** new/lib/auth_psk.c 2011-10-21 16:22:54.000000000 +0200
> --- old/lib/auth_psk.c 2010-08-01 22:37:50.000000000 +0200
> ***************
> *** 38,45 ****
> --- 38,49 ----
>
> int _gnutls_gen_psk_server_kx (gnutls_session_t session, opaque **
> data);
> int _gnutls_gen_psk_client_kx (gnutls_session_t, opaque **);
> +
> int _gnutls_proc_psk_client_kx (gnutls_session_t, opaque *, size_t);
>
> + int _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque *
> data,
> + size_t _data_size);
> +
> const mod_auth_st psk_auth_struct = {
> "PSK",
> NULL,
> *** new/lib/auth_psk.h 2011-10-21 16:22:54.000000000 +0200
> --- old/lib/auth_psk.h 2010-08-01 22:37:50.000000000 +0200
> ***************
> *** 69,80 ****
>
> int
> _gnutls_set_psk_session_key (gnutls_session_t session,
> gnutls_datum_t * psk2);
> - int
> - _gnutls_gen_psk_server_kx (gnutls_session_t session, opaque **
> data);
> - int
> - _gnutls_gen_psk_client_kx (gnutls_session_t session, opaque **
> data);
> - int
> - _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data,
> size_t _data_size);
> #else
> # define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR
> #endif /* ENABLE_PSK */
> --- 69,74 ----
> *** new/lib/auth_rsa.c 2011-10-21 16:22:54.000000000 +0200
> --- old/lib/auth_rsa.c 2010-08-01 22:37:50.000000000 +0200
> ***************
> *** 42,48 ****
> #include <gnutls_x509.h>
> #include <random.h>
> #include <gnutls_mpi.h>
> - #include <auth_rsa.h>
>
> int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **);
> int _gnutls_proc_rsa_client_kx (gnutls_session_t, opaque *, size_t);
> --- 42,47 ----
> ***************
> *** 66,72 ****
>
> /* This function reads the RSA parameters from peer's certificate;
> */
> ! int
> _gnutls_get_public_rsa_params (gnutls_session_t session,
> bigint_t params[MAX_PUBLIC_PARAMS_SIZE],
> int *params_len)
> --- 65,71 ----
>
> /* This function reads the RSA parameters from peer's certificate;
> */
> ! static int
> _gnutls_get_public_rsa_params (gnutls_session_t session,
> bigint_t params[MAX_PUBLIC_PARAMS_SIZE],
> int *params_len)
> ***************
> *** 147,153 ****
>
> /* This function reads the RSA parameters from the private key
> */
> ! int
> _gnutls_get_private_rsa_params (gnutls_session_t session,
> bigint_t ** params, int *params_size)
> {
> --- 146,152 ----
>
> /* This function reads the RSA parameters from the private key
> */
> ! static int
> _gnutls_get_private_rsa_params (gnutls_session_t session,
> bigint_t ** params, int *params_size)
> {
> *** new/lib/gnutls_algorithms.c 2011-10-21 16:22:54.000000000 +0200
> --- old/lib/gnutls_algorithms.c 2010-08-01 22:37:50.000000000 +0200
> ***************
> *** 51,57 ****
> {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE,
> GNUTLS_CRD_CERTIFICATE},
> {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
> {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
> - {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
> {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
> {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
> {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
> --- 51,56 ----
> ***************
> *** 91,97 ****
> {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
> {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
> {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
> - {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
> {0, 0, 0}
> };
>
> --- 90,95 ----
> ***************
> *** 273,279 ****
> extern mod_auth_st srp_auth_struct;
> extern mod_auth_st psk_auth_struct;
> extern mod_auth_st dhe_psk_auth_struct;
> - extern mod_auth_st rsa_psk_auth_struct;
> extern mod_auth_st srp_rsa_auth_struct;
> extern mod_auth_st srp_dss_auth_struct;
>
> --- 271,276 ----
> ***************
> *** 306,312 ****
> {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0},
> {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
> 1 /* needs DHE params */ , 0},
> - {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0, 0},
> #endif
> {0, 0, 0, 0, 0}
> };
> --- 303,308 ----
> ***************
> *** 328,334 ****
> #ifdef ENABLE_PSK
> GNUTLS_KX_PSK,
> GNUTLS_KX_DHE_PSK,
> - GNUTLS_KX_RSA_PSK,
> #endif
> 0
> };
> --- 324,329 ----
> ***************
> *** 397,406 ****
> #define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
> #define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
>
> - #define GNUTLS_RSA_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x92 }
> - #define GNUTLS_RSA_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x93 }
> - #define GNUTLS_RSA_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x94 }
> - #define GNUTLS_RSA_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x95 }
>
> /* SRP (rfc5054)
> */
> --- 392,397 ----
> ***************
> *** 562,585 ****
> GNUTLS_MAC_SHA1, GNUTLS_TLS1,
> GNUTLS_VERSION_MAX),
>
> - /* RSA-PSK */
> - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_ARCFOUR_SHA1,
> - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
> - GNUTLS_MAC_SHA1, GNUTLS_TLS1,
> - GNUTLS_VERSION_MAX),
> - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_3DES_EDE_CBC_SHA1,
> - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
> - GNUTLS_MAC_SHA1, GNUTLS_TLS1,
> - GNUTLS_VERSION_MAX),
> - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_AES_128_CBC_SHA1,
> - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
> - GNUTLS_MAC_SHA1, GNUTLS_TLS1,
> - GNUTLS_VERSION_MAX),
> - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_AES_256_CBC_SHA1,
> - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
> - GNUTLS_MAC_SHA1, GNUTLS_TLS1,
> - GNUTLS_VERSION_MAX),
> -
> /* SRP */
> GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
> GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
> --- 553,558 ----
> *** new/lib/gnutls_priority.c 2011-10-21 16:22:54.000000000 +0200
> --- old/lib/gnutls_priority.c 2010-09-26 15:34:09.000000000 +0200
> ***************
> *** 221,227 ****
> GNUTLS_KX_DHE_DSS,
> GNUTLS_KX_PSK,
> GNUTLS_KX_DHE_PSK,
> - GNUTLS_KX_RSA_PSK,
> GNUTLS_KX_SRP_RSA,
> GNUTLS_KX_SRP_DSS,
> GNUTLS_KX_SRP,
> --- 221,226 ----
> ***************
> *** 237,243 ****
> GNUTLS_KX_DHE_DSS,
> GNUTLS_KX_PSK,
> GNUTLS_KX_DHE_PSK,
> - GNUTLS_KX_RSA_PSK,
> GNUTLS_KX_SRP_RSA,
> GNUTLS_KX_SRP_DSS,
> GNUTLS_KX_SRP,
> --- 236,241 ----
> ***************
> *** 254,260 ****
> GNUTLS_KX_DHE_PSK,
> GNUTLS_KX_SRP_RSA,
> GNUTLS_KX_SRP_DSS,
> - GNUTLS_KX_RSA_PSK,
> GNUTLS_KX_RSA,
> GNUTLS_KX_PSK,
> GNUTLS_KX_SRP,
> --- 252,257 ----
> *** new/lib/gnutls_state.c 2011-10-21 16:22:54.000000000 +0200
> --- old/lib/gnutls_state.c 2010-08-01 22:37:50.000000000 +0200
> ***************
> *** 1240,1247 ****
> kx =
> _gnutls_cipher_suite_get_kx_algo (&session->
> security_parameters.current_cipher_suite);
> ! if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
> ! || kx == GNUTLS_KX_RSA_PSK)
> return 1;
>
> return 0;
> --- 1240,1246 ----
> kx =
> _gnutls_cipher_suite_get_kx_algo (&session->
> security_parameters.current_cipher_suite);
> ! if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK)
> return 1;
>
> return 0;
> *** new/lib/includes/gnutls/gnutls.h.in 2011-10-21 16:22:52.000000000
> +0200
> --- old/lib/includes/gnutls/gnutls.h.in 2010-08-01 22:37:50.000000000
> +0200
> ***************
> *** 134,140 ****
> * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
> * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
> * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
> - * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
> *
> * Enumeration of different key exchange algorithms.
> */
> --- 134,139 ----
> ***************
> *** 150,157 ****
> GNUTLS_KX_SRP_RSA = 7,
> GNUTLS_KX_SRP_DSS = 8,
> GNUTLS_KX_PSK = 9,
> ! GNUTLS_KX_DHE_PSK = 10,
> ! GNUTLS_KX_RSA_PSK = 11
> } gnutls_kx_algorithm_t;
>
> /**
> --- 149,155 ----
> GNUTLS_KX_SRP_RSA = 7,
> GNUTLS_KX_SRP_DSS = 8,
> GNUTLS_KX_PSK = 9,
> ! GNUTLS_KX_DHE_PSK = 10
> } gnutls_kx_algorithm_t;
>
> /**
>
>
More information about the Gnutls-devel
mailing list