From 2a86d1ef1aae29037704c4b26fd79f9fb64c747f Mon Sep 17 00:00:00 2001 From: lloyd Date: Thu, 28 Feb 2013 20:49:20 +0000 Subject: Blocking_Client fixes. Add relnote --- doc/relnotes/1_11_2.rst | 37 ++++++++++++++++++++++++++----------- src/tls/info.txt | 2 ++ src/tls/tls_blocking.cpp | 10 +--------- src/tls/tls_blocking.h | 7 +------ src/tls/tls_policy.h | 4 +++- 5 files changed, 33 insertions(+), 27 deletions(-) diff --git a/doc/relnotes/1_11_2.rst b/doc/relnotes/1_11_2.rst index 95a86cbdf..d73198f4b 100644 --- a/doc/relnotes/1_11_2.rst +++ b/doc/relnotes/1_11_2.rst @@ -1,14 +1,12 @@ Version 1.11.2, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* The default TLS policy formerly preferred AES over RC4, and allowed - 3DES by default. Now the default policy is to negotiate only either - AES or RC4, and to prefer RC4. +* A bug in the release script caused the `botan_version.py` included + in :doc:`1.11.1 <1_11_1>` to be invalid, which required a manual + edit to fix (:pr:`226`) -* The new filter :cpp:class:`Threaded_Fork` acts like a normal - :cpp:class:`Fork,` sending its input to a number of different - filters, but each subchain of filters in the fork runs in its own - thread. Contributed by Joel Low. +Memory Zeroization Changes +"""""""""""""""""""""""""""""""""""""""" * Previously `clear_mem` was implemented by an inlined call to `std::memset`. However an optimizing compiler might notice cases @@ -19,14 +17,31 @@ Version 1.11.2, Not Yet Released something like LTO) might still skip the writes. It would be nice if there was an automated way to test this. +New Parallel Filter +"""""""""""""""""""""""""""""""""""""""" + +* The new filter :cpp:class:`Threaded_Fork` acts like a normal + :cpp:class:`Fork,` sending its input to a number of different + filters, but each subchain of filters in the fork runs in its own + thread. Contributed by Joel Low. + +TLS Enhancements and Bug Fixes +"""""""""""""""""""""""""""""""""""""""" + +* The default TLS policy formerly preferred AES over RC4, and allowed + 3DES by default. Now the default policy is to negotiate only either + AES or RC4, and to prefer RC4. + +* New TLS :cpp:class:`Blocking_Client` provides a thread per + connection style API similar to that provided in 1.10 + +Other API Changes +"""""""""""""""""""""""""""""""""""""""" + * The API of `Credentials_Manager::trusted_certificate_authorities` has changed to return a vector of `Certificate_Store*` instead of `X509_Certificate`. This allows the list of trusted CAs to be more easily updated dynamically or loaded lazily. -* A bug in the release script caused the `botan_version.py` included - in :doc:`1.11.1 <1_11_1>` to be invalid, which required a manual - edit to fix (:pr:`226`) - * The `asn1_int.h` header was split into `asn1_alt_name.h`, `asn1_attribute.h` and `asn1_time.h`. diff --git a/src/tls/info.txt b/src/tls/info.txt index 47de42598..5bc64b44e 100644 --- a/src/tls/info.txt +++ b/src/tls/info.txt @@ -9,6 +9,7 @@ serious bugs or security issues. tls_alert.h +tls_blocking.h tls_channel.h tls_ciphersuite.h tls_client.h @@ -49,6 +50,7 @@ msg_server_hello.cpp msg_server_kex.cpp msg_session_ticket.cpp tls_alert.cpp +tls_blocking.cpp tls_channel.cpp tls_ciphersuite.cpp tls_client.cpp diff --git a/src/tls/tls_blocking.cpp b/src/tls/tls_blocking.cpp index e0f31b1ca..ee94f086e 100644 --- a/src/tls/tls_blocking.cpp +++ b/src/tls/tls_blocking.cpp @@ -25,7 +25,7 @@ Blocking_Client::Blocking_Client(std::function read_fn, m_read_fn(read_fn), m_channel(write_fn, std::bind(&Blocking_Client::process_data, this, _1, _2, _3), - std::bind(&Blocking_Client::handshake_complete, this, _1, _2, _3), + std::bind(&Blocking_Client::handshake_complete, this, _1), session_manager, creds, policy, @@ -36,14 +36,6 @@ Blocking_Client::Blocking_Client(std::function read_fn, { } -#if 0 -Blocking_Client::Blocking_Client(std::function read_fn, - std::function write_fn, - const TLS_Policy& policy, - RandomNumberGenerator& rng) : - m_read_fn(read_fn) -#endif - bool Blocking_Client::handshake_complete_cb(const Session& session) { return this->handshake_complete(session); diff --git a/src/tls/tls_blocking.h b/src/tls/tls_blocking.h index d024cf894..955413be1 100644 --- a/src/tls/tls_blocking.h +++ b/src/tls/tls_blocking.h @@ -36,12 +36,6 @@ class BOTAN_DLL Blocking_Client std::function)> next_protocol = std::function)>()); - // Constructor like the 1.10 Client API - Blocking_Client(std::function read_fn, - std::function write_fn, - const Policy& policy, - RandomNumberGenerator& rng); - size_t currently_readable() const { return m_plaintext.size(); } size_t read(byte buf[], size_t buf_len); // blocking read @@ -70,6 +64,7 @@ class BOTAN_DLL Blocking_Client * Can override to get notification of alerts */ virtual void alert_notification(const Alert&) {} + private: bool handshake_complete_cb(const Session&); diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h index cc02dd9b1..125faa665 100644 --- a/src/tls/tls_policy.h +++ b/src/tls/tls_policy.h @@ -62,9 +62,11 @@ class BOTAN_DLL Policy virtual std::vector allowed_ecc_curves() const; /** - * Returns a list of signature algorithms we are willing to use, + * Returns a list of compression algorithms we are willing to use, * in order of preference. Allowed values any value of * Compression_Method. + * + * @note Compression is not currently supported */ virtual std::vector compression() const; -- cgit v1.2.3