From ccf4463f343a9394a22833ee1de7886e459d3c91 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Mon, 28 Nov 2022 12:17:12 +0900
Subject: [PATCH 1/3] includes: move KTLS function definition out of is meant for the functions that depend on , which is not available on Windows platforms. As the KTLS API doesn't rely on , move the function and enum to .
Signed-off-by: Daiki Ueno
---
 lib/includes/gnutls/gnutls.h.in | 21 +++++++++++++++++++++
 lib/includes/gnutls/socket.h | 21 ---------------------
 2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 394d465e3..830ce5f95 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -3421,6 +3421,27 @@ int gnutls_fips140_pop_context(void); int gnutls_fips140_run_self_tests(void);
+/**
+ * gnutls_transport_ktls_enable_flags_t:
+ * @GNUTLS_KTLS_RECV: ktls enabled for recv function.
+ * @GNUTLS_KTLS_SEND: ktls enabled for send function.
+ * @GNUTLS_KTLS_DUPLEX: ktls enabled for both recv and send functions.
+ *
+ * Flag enumeration of ktls enable status for recv and send functions.
+ * This is used by gnutls_transport_is_ktls_enabled().
+ *
+ * Since: 3.7.3
+ */
+typedef enum {
+ GNUTLS_KTLS_RECV = 1 << 0,
+ GNUTLS_KTLS_SEND = 1 << 1,
+ GNUTLS_KTLS_DUPLEX = GNUTLS_KTLS_RECV | GNUTLS_KTLS_SEND,
+} gnutls_transport_ktls_enable_flags_t;
+
+
+gnutls_transport_ktls_enable_flags_t
+gnutls_transport_is_ktls_enabled(gnutls_session_t session);
+
 /* Gnutls error codes. The mapping to a TLS alert is also shown in * comments. */
diff --git a/lib/includes/gnutls/socket.h b/lib/includes/gnutls/socket.h
index 4df7bb2e0..64eb19f89 100644
--- a/lib/includes/gnutls/socket.h
+++ b/lib/includes/gnutls/socket.h
@@ -37,27 +37,6 @@ extern "C" { #endif /* *INDENT-ON* */
-/**
- * gnutls_transport_ktls_enable_flags_t:
- * @GNUTLS_KTLS_RECV: ktls enabled for recv function.
- * @GNUTLS_KTLS_SEND: ktls enabled for send function.
- * @GNUTLS_KTLS_DUPLEX: ktls enabled for both recv and send functions.
- *
- * Flag enumeration of ktls enable status for recv and send functions.
- * This is used by gnutls_transport_is_ktls_enabled().
- *
- * Since: 3.7.3
- */
-typedef enum {
- GNUTLS_KTLS_RECV = 1 << 0,
- GNUTLS_KTLS_SEND = 1 << 1,
- GNUTLS_KTLS_DUPLEX = GNUTLS_KTLS_RECV | GNUTLS_KTLS_SEND,
-} gnutls_transport_ktls_enable_flags_t;
-
-
-gnutls_transport_ktls_enable_flags_t
-gnutls_transport_is_ktls_enabled(gnutls_session_t session);
-
 void gnutls_transport_set_fastopen(gnutls_session_t session, int fd, struct sockaddr *connect_addr,
-- 
2.38.1
From 90b036e82a95f9379d99d5cabd0e33905d1e3ddc Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Mon, 28 Nov 2022 12:13:31 +0900
Subject: [PATCH 2/3] src: print KTLS enablement status in gnutls-serv/gnutls-cli
Signed-off-by: Daiki Ueno
---
 src/common.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/common.c b/src/common.c
index 6d2056f95..d357c7fb8 100644
--- a/src/common.c
+++ b/src/common.c
@@ -498,6 +498,7 @@ int print_info(gnutls_session_t session, int verbose, int flags) gnutls_datum_t p; char *desc; gnutls_protocol_t version;
+ gnutls_transport_ktls_enable_flags_t ktls_flags;
 int rc; desc = gnutls_session_get_desc(session);
@@ -646,6 +647,15 @@ int print_info(gnutls_session_t session, int verbose, int flags) print_channel_bindings(session, verbose);
+ ktls_flags = gnutls_transport_is_ktls_enabled(session);
+ if (ktls_flags != 0) {
+ log_msg(stdout, "- KTLS: %s\n",
+ (ktls_flags & GNUTLS_KTLS_DUPLEX) == GNUTLS_KTLS_DUPLEX ? "send, recv" :
+ (ktls_flags & GNUTLS_KTLS_SEND) == GNUTLS_KTLS_SEND ? "send" :
+ (ktls_flags & GNUTLS_KTLS_RECV) == GNUTLS_KTLS_RECV ? "recv" :
+ "unknown");
+ }
+
 fflush(stdout); return 0;
-- 
2.38.1
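Review bot: The nested conditional in the second src/common.c hunk only picks the right label because `GNUTLS_KTLS_DUPLEX` is tested before the single-bit values, and nothing in the added lines says so. A comment above the `log_msg()` call such as `/* test DUPLEX first: it is SEND | RECV, so either single-bit test would also match */` would keep a later reordering from reporting a duplex session as "send" only. When `ktls_flags` is 0 nothing is printed, so the output cannot distinguish a session without kernel TLS from output produced before this message existed; an explicit `- KTLS: disabled` line would make the status easier to audit, if the extra line is acceptable. print_info() starts and ends outside the hunk.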
From aefd7319c0b7b2410d06238246b7755b289e4837 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Mon, 28 Nov 2022 12:15:26 +0900
Subject: [PATCH 3/3] priority: accept "ktls = false" in configuration file
Signed-off-by: Daiki Ueno
---
 lib/priority.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/priority.c b/lib/priority.c
index 97831e63b..6266bb571 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1548,6 +1548,8 @@ static int global_ini_handler(void *ctx, const char *section, const char *name, p = clear_spaces(value, str); if (c_strcasecmp(p, "true") == 0) { cfg->ktls_enabled = true;
+ } else if (c_strcasecmp(p, "false") == 0) {
+ cfg->ktls_enabled = false;
 } else { _gnutls_debug_log("cfg: unknown ktls mode %s\n", p);
-- 
2.38.1
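Review bot: Only the words "true" and "false" are recognised after this change; any other spelling (for instance `0`, `no` or `off`) still reaches the final `else`, whose visible part only emits `_gnutls_debug_log("cfg: unknown ktls mode %s\n", p)`. What follows that log is outside the hunk, so it cannot be confirmed here whether an unrecognised value is rejected or leaves `cfg->ktls_enabled` unchanged; if it is the latter, a mistyped attempt to turn kernel TLS off would pass unnoticed unless debug logging is on. A comment above the chain such as `/* accepted: "true" / "false" (compared with c_strcasecmp); anything else is an unknown ktls mode */` would document the contract. The diffstat lists lib/priority.c only, so no test covers the newly accepted value. global_ini_handler() starts and ends outside the hunk.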