[glib-networking/mcatanzaro/tls-exporter: 1/2] Finalize implementation of G_TLS_CHANNEL_BINDING_TLS_EXPORTER
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/mcatanzaro/tls-exporter: 1/2] Finalize implementation of G_TLS_CHANNEL_BINDING_TLS_EXPORTER
- Date: Fri, 5 Aug 2022 21:19:58 +0000 (UTC)
commit 1d4cf09f41d9ca8a6fdf9216555c7a0e68eccbeb
Author: Michael Catanzaro <mcatanzaro redhat com>
Date: Fri Aug 5 16:13:58 2022 -0500
Finalize implementation of G_TLS_CHANNEL_BINDING_TLS_EXPORTER
Instead of hiding it behind a secret dummy value, let's implement the
real deal.
Also, remove some misplaced fallthrough comments.
Depends on: glib!2853
Fixes #191
meson.build | 2 +-
tls/gnutls/gtlsconnection-gnutls.c | 10 ++--------
tls/openssl/gtlsconnection-openssl.c | 8 ++------
tls/tests/connection.c | 8 ++++----
4 files changed, 9 insertions(+), 19 deletions(-)
---
diff --git a/meson.build b/meson.build
index b51bc852..86f03b0f 100644
--- a/meson.build
+++ b/meson.build
@@ -49,7 +49,7 @@ if host_system.contains('linux') or host_system == 'android'
endif
# *** Check GLib GIO ***
-glib_dep = dependency('glib-2.0', version: '>= 2.69.0',
+glib_dep = dependency('glib-2.0', version: '>= 2.73.3',
fallback: ['glib', 'libglib_dep'])
gio_dep = dependency('gio-2.0',
fallback: ['glib', 'libgio_dep'])
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 5c3bee5a..6dec9347 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -1331,8 +1331,6 @@ gnutls_get_binding_tls_server_end_point (GTlsConnectionGnutls *gnutls,
#define RFC5705_LABEL_LEN 24
#endif
-/* Experimental binding for TLS1.3, see
- * https://datatracker.ietf.org/doc/draft-ietf-kitten-tls-channel-bindings-for-tls13 */
static gboolean
gnutls_get_binding_tls_exporter (GTlsConnectionGnutls *gnutls,
GByteArray *data,
@@ -1373,18 +1371,14 @@ g_tls_connection_gnutls_get_channel_binding_data (GTlsConnectionBase *tls,
{
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
- /* XXX: remove the cast once public enum supports exporter */
- switch ((int)type)
+ switch (type)
{
case G_TLS_CHANNEL_BINDING_TLS_UNIQUE:
return gnutls_get_binding_tls_unique (gnutls, data, error);
- /* fall through */
case G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT:
return gnutls_get_binding_tls_server_end_point (gnutls, data, error);
- /* fall through */
- case 100500:
+ case G_TLS_CHANNEL_BINDING_TLS_EXPORTER:
return gnutls_get_binding_tls_exporter (gnutls, data, error);
- /* fall through */
default:
/* Anyone to implement tls-unique-for-telnet? */
g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_IMPLEMENTED,
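Review bot: The new `case G_TLS_CHANNEL_BINDING_TLS_EXPORTER:` makes tls-exporter reachable through the public enum, but nothing visible here states the condition RFC 9266 attaches to it: on TLS 1.2 and earlier the exporter value is only a sound channel binding when the extended master secret extension was negotiated. The body of `gnutls_get_binding_tls_exporter` is outside this hunk, so that check may already exist; if it does not, the helper should fail (for example with `G_TLS_CHANNEL_BINDING_ERROR_NOT_AVAILABLE`) rather than return data in that case. At minimum I would add `/* tls-exporter, RFC 9266: needs TLS 1.3, or extended master secret on TLS <= 1.2 */` above the case, since this commit also drops the only comment that pointed to the specification. The same applies to the matching case in `g_tls_connection_openssl_get_channel_binding_data`. The enclosing function continues past the end of the hunk.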
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
index de834bf1..0232189b 100644
--- a/tls/openssl/gtlsconnection-openssl.c
+++ b/tls/openssl/gtlsconnection-openssl.c
@@ -796,18 +796,14 @@ g_tls_connection_openssl_get_channel_binding_data (GTlsConnectionBase *tls,
{
GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
- /* XXX: remove the cast once public enum supports exporter */
- switch ((int)type)
+ switch (type)
{
case G_TLS_CHANNEL_BINDING_TLS_UNIQUE:
return openssl_get_binding_tls_unique (openssl, data, error);
- /* fall through */
case G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT:
return openssl_get_binding_tls_server_end_point (openssl, data, error);
- /* fall through */
- case 100500:
+ case G_TLS_CHANNEL_BINDING_TLS_EXPORTER:
return openssl_get_binding_tls_exporter (openssl, data, error);
- /* fall through */
default:
/* Anyone to implement tls-unique-for-telnet? */
g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_IMPLEMENTED,
diff --git a/tls/tests/connection.c b/tls/tests/connection.c
index f6f1cf87..0f8aa2d4 100644
--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
@@ -2752,17 +2752,17 @@ test_connection_binding_match_tls_exporter (TestConnection *test,
/* Smoke test: ensure both sides support tls-exporter */
g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
- (GTlsChannelBindingType)100500, NULL, NULL));
+ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL));
g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
- (GTlsChannelBindingType)100500, NULL, NULL));
+ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL));
/* Real test: retrieve bindings and compare */
client_cb = g_byte_array_new ();
server_cb = g_byte_array_new ();
g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
- (GTlsChannelBindingType)100500, client_cb, NULL));
+ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, client_cb, NULL));
g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
- (GTlsChannelBindingType)100500, server_cb, NULL));
+ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, server_cb, NULL));
client_b64 = g_base64_encode (client_cb->data, client_cb->len);
server_b64 = g_base64_encode (server_cb->data, server_cb->len);
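Review bot: All four `g_tls_connection_get_channel_binding_data` calls pass `NULL` for the error argument, so when a backend rejects `G_TLS_CHANNEL_BINDING_TLS_EXPORTER` the test fails with a bare false assertion and no reason. Passing a `GError **` and following each call with `g_assert_no_error (error);` would surface the backend's message, which is the first thing needed when one TLS backend handles the new enum value and the other does not. The function begins above this hunk and continues below it, so an `error` local may already be available there.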