/* * * query_node_info - collect information from a batch_status and * put it in a node_info struct for easier access * * node - a node returned from a pbs_statnode() call * * returns a node_info filled with information from node * */ node_info *query_node_info(struct batch_status *node, server_info *sinfo) { node_info *ninfo; /* the new node_info */ struct attrl *attrp; /* used to cycle though attribute list */ if ((ninfo = new_node_info()) == NULL) return NULL; attrp = node -> attribs; ninfo -> name = string_dup(node -> name); ninfo -> server = sinfo; while (attrp != NULL) { /* Node State... i.e. offline down free etc */ if (!strcmp(attrp -> name, ATTR_NODE_state)) set_node_state(ninfo, attrp -> value); /* properties from the servers nodes file */ else if (!strcmp(attrp -> name, ATTR_NODE_properties)) ninfo -> properties = break_comma_list(attrp -> value); /* the jobs running on the node */ else if (!strcmp(attrp -> name, ATTR_NODE_jobs)) ninfo -> jobs = break_comma_list(attrp -> value); /* the node type... i.e. timesharing or cluster */ else if (!strcmp(attrp -> name, ATTR_NODE_ntype)) set_node_type(ninfo, attrp -> value); attrp = attrp -> next; } return ninfo; }
/** * gnutls_priority_init: * @priority_cache: is a #gnutls_prioritity_t structure. * @priorities: is a string describing priorities * @err_pos: In case of an error this will have the position in the string the error occured * * Sets priorities for the ciphers, key exchange methods, macs and * compression methods. * * The #priorities option allows you to specify a colon * separated list of the cipher priorities to enable. * Some keywords are defined to provide quick access * to common preferences. * * Unless there is a special need, using "NORMAL" or "NORMAL:%COMPAT" for compatibility * is recommended. * * "PERFORMANCE" means all the "secure" ciphersuites are enabled, * limited to 128 bit ciphers and sorted by terms of speed * performance. * * "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are * included as a fallback only. The ciphers are sorted by security * margin. * * "PFS" means all "secure" ciphersuites that support perfect forward secrecy. * The 256-bit ciphers are included as a fallback only. * The ciphers are sorted by security margin. * * "SECURE128" means all "secure" ciphersuites of security level 128-bit * or more. * * "SECURE192" means all "secure" ciphersuites of security level 192-bit * or more. * * "SUITEB128" means all the NSA SuiteB ciphersuites with security level * of 128. * * "SUITEB192" means all the NSA SuiteB ciphersuites with security level * of 192. * * "EXPORT" means all ciphersuites are enabled, including the * low-security 40 bit ciphers. * * "NONE" means nothing is enabled. This disables even protocols and * compression methods. * * Special keywords are "!", "-" and "+". * "!" or "-" appended with an algorithm will remove this algorithm. * "+" appended with an algorithm will add this algorithm. * * Check the GnuTLS manual section "Priority strings" for detailed * information. * * Examples: * * "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL" * * "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128. * * "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are * enabled, SSL3.0 is disabled, and libz compression enabled. * * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1", * * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1", * * "SECURE256:+SECURE128", * * Note that "NORMAL:%COMPAT" is the most compatible mode. * * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned, * %GNUTLS_E_SUCCESS on success, or an error code. **/ int gnutls_priority_init(gnutls_priority_t * priority_cache, const char *priorities, const char **err_pos) { char *broken_list[MAX_ELEMENTS]; int broken_list_size = 0, i = 0, j; char *darg = NULL; unsigned ikeyword_set = 0; int algo; rmadd_func *fn; bulk_rmadd_func *bulk_fn; *priority_cache = gnutls_calloc(1, sizeof(struct gnutls_priority_st)); if (*priority_cache == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } if (err_pos) *err_pos = priorities; /* for now unsafe renegotiation is default on everyone. To be removed * when we make it the default. */ (*priority_cache)->sr = SR_PARTIAL; (*priority_cache)->ssl3_record_version = 1; (*priority_cache)->max_empty_records = DEFAULT_MAX_EMPTY_RECORDS; if (priorities == NULL) priorities = LEVEL_NORMAL; darg = gnutls_strdup(priorities); if (darg == NULL) { gnutls_assert(); goto error; } break_comma_list(darg, broken_list, &broken_list_size, MAX_ELEMENTS, ':'); /* This is our default set of protocol version, certificate types and * compression methods. */ if (strcasecmp(broken_list[0], LEVEL_NONE) != 0) { _set_priority(&(*priority_cache)->protocol, protocol_priority); _set_priority(&(*priority_cache)->compression, comp_priority); _set_priority(&(*priority_cache)->cert_type, cert_type_priority_default); _set_priority(&(*priority_cache)->sign_algo, sign_priority_default); _set_priority(&(*priority_cache)->supported_ecc, supported_ecc_normal); i = 0; } else { ikeyword_set = 1; i = 1; } for (; i < broken_list_size; i++) { if (check_level(broken_list[i], *priority_cache, ikeyword_set) != 0) { ikeyword_set = 1; continue; } else if (broken_list[i][0] == '!' || broken_list[i][0] == '+' || broken_list[i][0] == '-') { if (broken_list[i][0] == '+') { fn = prio_add; bulk_fn = _add_priority; } else { fn = prio_remove; bulk_fn = _clear_priorities; } if (broken_list[i][0] == '+' && check_level(&broken_list[i][1], *priority_cache, 1) != 0) { continue; } else if ((algo = gnutls_mac_get_id(&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN) fn(&(*priority_cache)->mac, algo); else if ((algo = gnutls_cipher_get_id(&broken_list[i][1])) != GNUTLS_CIPHER_UNKNOWN) fn(&(*priority_cache)->cipher, algo); else if ((algo = gnutls_kx_get_id(&broken_list[i][1])) != GNUTLS_KX_UNKNOWN) fn(&(*priority_cache)->kx, algo); else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0) { if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0) { bulk_fn(&(*priority_cache)-> protocol, protocol_priority); } else if (strncasecmp (&broken_list[i][1], "VERS-DTLS-ALL", 13) == 0) { bulk_fn(&(*priority_cache)-> protocol, dtls_protocol_priority); } else { if ((algo = gnutls_protocol_get_id (&broken_list[i][6])) != GNUTLS_VERSION_UNKNOWN) fn(&(*priority_cache)-> protocol, algo); else goto error; } } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0) { if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0) { bulk_fn(&(*priority_cache)-> compression, comp_priority); } else { if ((algo = gnutls_compression_get_id (&broken_list[i][6])) != GNUTLS_COMP_UNKNOWN) fn(&(*priority_cache)-> compression, algo); else goto error; } } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "CURVE-", 6) == 0) { if (strncasecmp (&broken_list[i][1], "CURVE-ALL", 9) == 0) { bulk_fn(&(*priority_cache)-> supported_ecc, supported_ecc_normal); } else { if ((algo = _gnutls_ecc_curve_get_id (&broken_list[i][7])) != GNUTLS_ECC_CURVE_INVALID) fn(&(*priority_cache)-> supported_ecc, algo); else goto error; } } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0) { if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0) { bulk_fn(&(*priority_cache)-> cert_type, cert_type_priority_all); } else { if ((algo = gnutls_certificate_type_get_id (&broken_list[i][7])) != GNUTLS_CRT_UNKNOWN) fn(&(*priority_cache)-> cert_type, algo); else goto error; } } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0) { if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0) { bulk_fn(&(*priority_cache)-> sign_algo, sign_priority_default); } else { if ((algo = gnutls_sign_get_id (&broken_list[i][6])) != GNUTLS_SIGN_UNKNOWN) fn(&(*priority_cache)-> sign_algo, algo); else goto error; } } else if (strncasecmp (&broken_list[i][1], "MAC-ALL", 7) == 0) { bulk_fn(&(*priority_cache)->mac, mac_priority_normal); } else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 10) == 0) { bulk_fn(&(*priority_cache)->cipher, cipher_priority_normal); } else if (strncasecmp (&broken_list[i][1], "KX-ALL", 6) == 0) { bulk_fn(&(*priority_cache)->kx, kx_priority_secure); } else goto error; } else if (broken_list[i][0] == '%') { if (strcasecmp(&broken_list[i][1], "COMPAT") == 0) { ENABLE_COMPAT((*priority_cache)); } else if (strcasecmp(&broken_list[i][1], "DUMBFW") == 0) { (*priority_cache)->dumbfw = 1; } else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0) { (*priority_cache)->no_extensions = 1; } else if (strcasecmp (&broken_list[i][1], "STATELESS_COMPRESSION") == 0) { (*priority_cache)->stateless_compression = 1; } else if (strcasecmp (&broken_list[i][1], "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) { prio_add(&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); (*priority_cache)-> additional_verify_flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; } else if (strcasecmp (&broken_list[i][1], "VERIFY_DISABLE_CRL_CHECKS") == 0) { (*priority_cache)-> additional_verify_flags |= GNUTLS_VERIFY_DISABLE_CRL_CHECKS; } else if (strcasecmp (&broken_list[i][1], "SSL3_RECORD_VERSION") == 0) (*priority_cache)->ssl3_record_version = 1; else if (strcasecmp(&broken_list[i][1], "LATEST_RECORD_VERSION") == 0) (*priority_cache)->ssl3_record_version = 0; else if (strcasecmp(&broken_list[i][1], "VERIFY_ALLOW_X509_V1_CA_CRT") == 0) (*priority_cache)-> additional_verify_flags |= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; else if (strcasecmp (&broken_list[i][1], "UNSAFE_RENEGOTIATION") == 0) { (*priority_cache)->sr = SR_UNSAFE; } else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0) { (*priority_cache)->sr = SR_SAFE; } else if (strcasecmp(&broken_list[i][1], "PARTIAL_RENEGOTIATION") == 0) { (*priority_cache)->sr = SR_PARTIAL; } else if (strcasecmp(&broken_list[i][1], "DISABLE_SAFE_RENEGOTIATION") == 0) { (*priority_cache)->sr = SR_DISABLED; } else if (strcasecmp(&broken_list[i][1], "SERVER_PRECEDENCE") == 0) { (*priority_cache)->server_precedence = 1; } else if (strcasecmp(&broken_list[i][1], "NEW_PADDING") == 0) { (*priority_cache)->new_record_padding = 1; } else goto error; } else goto error; } gnutls_free(darg); return 0; error: if (err_pos != NULL && i < broken_list_size) { *err_pos = priorities; for (j = 0; j < i; j++) { (*err_pos) += strlen(broken_list[j]) + 1; } } gnutls_free(darg); gnutls_free(*priority_cache); *priority_cache = NULL; return GNUTLS_E_INVALID_REQUEST; }
queue_info * query_queue_info(status *policy, struct batch_status *queue, server_info *sinfo) { struct attrl *attrp; /* linked list of attributes from server */ struct queue_info *qinfo; /* queue_info being created */ schd_resource *resp; /* resource in resource qres list */ char *endp; /* used with strtol() */ sch_resource_t count; /* used to convert string -> num */ if ((qinfo = new_queue_info(1)) == NULL) return NULL; if (qinfo->liminfo == NULL) return NULL; if ((qinfo->name = string_dup(queue->name)) == NULL) { free_queue_info(qinfo); return NULL; } attrp = queue->attribs; qinfo->server = sinfo; while (attrp != NULL) { if (!strcmp(attrp->name, ATTR_start)) { /* started */ if (!strcmp(attrp->value, ATR_TRUE)) qinfo->is_started = 1; else qinfo->is_started = 0; } else if (!strcmp(attrp->name, ATTR_HasNodes)) { if (!strcmp(attrp->value, ATR_TRUE)) { sinfo->has_nodes_assoc_queue = 1; qinfo->has_nodes = 1; } else qinfo->has_nodes = 0; } else if(!strcmp(attrp->name, ATTR_backfill_depth)) { qinfo->backfill_depth = strtol(attrp->value, NULL, 10); if(qinfo->backfill_depth > 0) policy->backfill = 1; } else if(!strcmp(attrp->name, ATTR_partition)) { if (attrp->value != NULL) { qinfo->partition = string_dup(attrp->value); if (qinfo->partition == NULL) { log_err(errno, __func__, MEM_ERR_MSG); free_queue_info(qinfo); return NULL; } } } else if (is_reslimattr(attrp)) { (void) lim_setlimits(attrp, LIM_RES, qinfo->liminfo); if(strstr(attrp->value, "u:") != NULL) sinfo->has_user_limit = 1; if(strstr(attrp->value, "g:") != NULL) sinfo->has_grp_limit = 1; if(strstr(attrp->value, "p:") != NULL) sinfo->has_proj_limit = 1; } else if (is_runlimattr(attrp)) { (void) lim_setlimits(attrp, LIM_RUN, qinfo->liminfo); if(strstr(attrp->value, "u:") != NULL) sinfo->has_user_limit = 1; if(strstr(attrp->value, "g:") != NULL) sinfo->has_grp_limit = 1; if(strstr(attrp->value, "p:") != NULL) sinfo->has_proj_limit = 1; } else if (is_oldlimattr(attrp)) { char *limname = convert_oldlim_to_new(attrp); (void) lim_setlimits(attrp, LIM_OLD, qinfo->liminfo); if(strstr(limname, "u:") != NULL) sinfo->has_user_limit = 1; if(strstr(limname, "g:") != NULL) sinfo->has_grp_limit = 1; /* no need to check for project limits because there were no old style project limits */ } else if (!strcmp(attrp->name, ATTR_p)) { /* priority */ count = strtol(attrp->value, &endp, 10); if (*endp != '\0') count = -1; qinfo->priority = count; } else if (!strcmp(attrp->name, ATTR_qtype)) { /* queue_type */ if (!strcmp(attrp->value, "Execution")) { qinfo->is_exec = 1; qinfo->is_route = 0; } else if (!strcmp(attrp->value, "Route")) { qinfo->is_route = 1; qinfo->is_exec = 0; } } else if (!strcmp(attrp->name, ATTR_NodeGroupKey)) qinfo->node_group_key = break_comma_list(attrp->value); else if (!strcmp(attrp->name, ATTR_rescavail)) { /* resources_available*/ #ifdef NAS /* localmod 040 */ if (!strcmp(attrp->resource, ATTR_ignore_nodect_sort)) { if (!strcmp(attrp->value, ATR_TRUE)) qinfo->ignore_nodect_sort = 1; else qinfo->ignore_nodect_sort = 0; resp = NULL; }/* localmod 038 */ else if (!strcmp(attrp->resource, ATTR_topjob_setaside)) { if (!strcmp(attrp->value, ATR_TRUE)) qinfo->is_topjob_set_aside = 1; else qinfo->is_topjob_set_aside = 0; resp = NULL; } else #endif resp = find_alloc_resource_by_str(qinfo->qres, attrp->resource); if (resp != NULL) { if (qinfo->qres == NULL) qinfo->qres = resp; if (set_resource(resp, attrp->value, RF_AVAIL) == 0) { free_queue_info(qinfo); return NULL; } qinfo->has_resav_limit = 1; } } else if (!strcmp(attrp->name, ATTR_rescassn)) { /* resources_assigned */ resp = find_alloc_resource_by_str(qinfo->qres, attrp->resource); if (qinfo->qres == NULL) qinfo->qres = resp; if (resp != NULL) { if (set_resource(resp, attrp->value, RF_ASSN) == 0) { free_queue_info(qinfo); return NULL; } } } #ifdef NAS /* localmod 046 */ else if (!strcmp(attrp->name, ATTR_maxstarve)) { time_t starve; starve = site_decode_time(attrp->value); qinfo->max_starve = starve; } /* localmod 034 */ else if (!strcmp(attrp->name, ATTR_maxborrow)) { time_t borrow; borrow = site_decode_time(attrp->value); qinfo->max_borrow = borrow; } #endif attrp = attrp->next; } if (has_hardlimits(qinfo->liminfo)) qinfo->has_hard_limit = 1; if (has_softlimits(qinfo->liminfo)) qinfo->has_soft_limit = 1; return qinfo; }
/** * gnutls_priority_init - Sets priorities for the cipher suites supported by gnutls. * @priority_cache: is a #gnutls_prioritity_t structure. * @priorities: is a string describing priorities * @err_pos: In case of an error this will have the position in the string the error occured * * Sets priorities for the ciphers, key exchange methods, macs and * compression methods. This is to avoid using the * gnutls_*_priority() functions. * * The #priorities option allows you to specify a semi-colon * separated list of the cipher priorities to enable. * * Unless the first keyword is "NONE" the defaults are: * Protocols: TLS1.1, TLS1.0, and SSL3.0. * Compression: NULL. * Certificate types: X.509, OpenPGP. * * You can also use predefined sets of ciphersuites: "PERFORMANCE" * all the "secure" ciphersuites are enabled, limited to 128 bit * ciphers and sorted by terms of speed performance. * * "NORMAL" option enables all "secure" ciphersuites. The 256-bit ciphers * are included as a fallback only. The ciphers are sorted by security margin. * * "SECURE128" flag enables all "secure" ciphersuites with ciphers up to * 128 bits, sorted by security margin. * * "SECURE256" flag enables all "secure" ciphersuites including the 256 bit * ciphers, sorted by security margin. * * "EXPORT" all the ciphersuites are enabled, including the * low-security 40 bit ciphers. * * "NONE" nothing is enabled. This disables even protocols and * compression methods. * * Special keywords: * '!' or '-' appended with an algorithm will remove this algorithm. * '+' appended with an algorithm will add this algorithm. * '%COMPAT' will enable compatibility features for a server. * * To avoid collisions in order to specify a compression algorithm in * this string you have to prefix it with "COMP-", protocol versions * with "VERS-" and certificate types with "CTYPE-". All other * algorithms don't need a prefix. * * For key exchange algorithms when in NORMAL or SECURE levels the * perfect forward secrecy algorithms take precendence of the other * protocols. In all cases all the supported key exchange algorithms * are enabled (except for the RSA-EXPORT which is only enabled in * EXPORT level). * * Note that although one can select very long key sizes (such as 256 bits) * for symmetric algorithms, to actually increase security the public key * algorithms have to use longer key sizes as well. * * Examples: "NORMAL:!AES-128-CBC", * "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE:+CTYPE-OPENPGP", * "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL", "NORMAL", * "NORMAL:%COMPAT". * * Returns: On syntax error GNUTLS_E_INVALID_REQUEST is returned and * 0 on success. **/ int gnutls_priority_init (gnutls_priority_t * priority_cache, const char *priorities, const char **err_pos) { char *broken_list[MAX_ELEMENTS]; int broken_list_size, i, j; char *darg; int algo; rmadd_func *fn; *priority_cache = gnutls_calloc (1, sizeof (struct gnutls_priority_st)); if (*priority_cache == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } if (priorities == NULL) priorities = "NORMAL"; darg = gnutls_strdup (priorities); if (darg == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } break_comma_list (darg, broken_list, &broken_list_size, MAX_ELEMENTS, ':'); /* This is our default set of protocol version, certificate types and * compression methods. */ if (strcasecmp (broken_list[0], "NONE") != 0) { _set_priority (&(*priority_cache)->protocol, protocol_priority); _set_priority (&(*priority_cache)->compression, comp_priority); _set_priority (&(*priority_cache)->cert_type, cert_type_priority); } for (i = 0; i < broken_list_size; i++) { if (strcasecmp (broken_list[i], "PERFORMANCE") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_performance); _set_priority (&(*priority_cache)->kx, kx_priority_performance); _set_priority (&(*priority_cache)->mac, mac_priority_performance); } else if (strcasecmp (broken_list[i], "NORMAL") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_normal); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); } else if (strcasecmp (broken_list[i], "SECURE256") == 0 || strcasecmp (broken_list[i], "SECURE") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_secure256); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); } else if (strcasecmp (broken_list[i], "SECURE128") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_secure128); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); } else if (strcasecmp (broken_list[i], "EXPORT") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_export); _set_priority (&(*priority_cache)->kx, kx_priority_export); _set_priority (&(*priority_cache)->mac, mac_priority_secure); } /* now check if the element is something like -ALGO */ else if (broken_list[i][0] == '!' || broken_list[i][0] == '+' || broken_list[i][0] == '-') { if (broken_list[i][0] == '+') fn = prio_add; else fn = prio_remove; if ((algo = gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN) fn (&(*priority_cache)->mac, algo); else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) != GNUTLS_CIPHER_UNKNOWN) fn (&(*priority_cache)->cipher, algo); else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) != GNUTLS_KX_UNKNOWN) fn (&(*priority_cache)->kx, algo); else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0) { if ((algo = gnutls_protocol_get_id (&broken_list[i][6])) != GNUTLS_VERSION_UNKNOWN) fn (&(*priority_cache)->protocol, algo); } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0) { if ((algo = gnutls_compression_get_id (&broken_list[i][6])) != GNUTLS_COMP_UNKNOWN) fn (&(*priority_cache)->compression, algo); } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0) { if ((algo = gnutls_certificate_type_get_id (&broken_list[i][7])) != GNUTLS_CRT_UNKNOWN) fn (&(*priority_cache)->cert_type, algo); } /* now check if the element is something like -ALGO */ else goto error; } else if (broken_list[i][0] == '%') { if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) (*priority_cache)->no_padding = 1; else goto error; } else goto error; } gnutls_free (darg); return 0; error: if (err_pos != NULL && i < broken_list_size) { *err_pos = priorities; for (j = 0; j < i; j++) { (*err_pos) += strlen (broken_list[j]) + 1; } } gnutls_free (darg); return GNUTLS_E_INVALID_REQUEST; }