Changes in lib/ssl_gnutls.c [8f976e6:2fb1262]
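--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -38,5 +38,5 @@
 
 static gboolean initialized = FALSE;
-gnutls_certificate_credentials xcred;
+gnutls_certificate_credentials_t xcred;
 
 #include <limits.h>
@@ -60,5 +60,5 @@
 gboolean verify;
 
-gnutls_session session;
+gnutls_session_t session;
 };
 
@@ -85,8 +85,6 @@
 gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
 
-/* Not needed in GnuTLS 2.11+ (enabled by default there) so
-don't do it (resets possible other defaults). */
-if( !gnutls_check_version( "2.11" ) )
-gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
+/* Not needed in GnuTLS 2.11+ but we support older versions for now. */
+gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
 }
 initialized = TRUE;
@@ -110,4 +108,5 @@
 struct scd *conn = g_new0( struct scd, 1 );
 
+conn->fd = proxy_connect( host, port, ssl_connected, conn );
 conn->func = func;
 conn->data = data;
@@ -115,5 +114,4 @@
 conn->hostname = g_strdup( host );
 conn->verify = verify && global.conf->cafile;
-conn->fd = proxy_connect( host, port, ssl_connected, conn );
 
 if( conn->fd < 0 )
@@ -134,5 +132,5 @@
 conn->data = data;
 conn->inpa = -1;
-conn->hostname = hostname;
+conn->hostname = g_strdup( hostname );
 
 /* For now, SSL verification is globally enabled by setting the cafile
@@ -171,7 +169,7 @@
 int verifyret = 0;
 gnutls_x509_crt_t cert;
-const char *hostname;
-
-hostname= gnutls_session_get_ptr( session );
+struct scd *conn;
+
+conn = gnutls_session_get_ptr( session );
 
 gnutlsret = gnutls_certificate_verify_peers2( session, &status );
@@ -211,5 +209,5 @@
 return VERIFY_CERT_ERROR;
 
-if( !gnutls_x509_crt_check_hostname( cert, hostname ) )
+if( !gnutls_x509_crt_check_hostname( cert, conn->hostname ) )
 {
 verifyret |= VERIFY_CERT_INVALID;
@@ -267,6 +265,5 @@
 
 gnutls_init( &conn->session, GNUTLS_CLIENT );
-if( conn->verify )
-gnutls_session_set_ptr( conn->session, (void *) conn->hostname );
+gnutls_session_set_ptr( conn->session, (void *) conn );
 #if GNUTLS_VERSION_NUMBER < 0x020c00
 gnutls_transport_set_lowat( conn->session, 0 );
@@ -276,5 +273,5 @@
 
 sock_make_nonblocking( conn->fd );
-gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr ) GNUTLS_STUPID_CAST conn->fd );
+gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr_t) GNUTLS_STUPID_CAST conn->fd );
 
 return ssl_handshake( data, source, cond );
@@ -402,4 +399,5 @@
 if( conn->session )
 gnutls_deinit( conn->session );
+g_free( conn->hostname );
 g_free( conn );
 }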
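Review bot: Dropping the version gate around `gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT )` in the init hunk changes what the call does on GnuTLS 2.11+, where the removed comment warned that setting the flags "resets possible other defaults": the call installs a flag set consisting of only this one relaxation, so any verification flags the library enables by default on those versions are presumably no longer in effect for the cert check, and the new comment no longer records that trade-off. Since the file already keys on a compile-time version macro a few hunks later (`#if GNUTLS_VERSION_NUMBER < 0x020c00`), the same guard keeps old-version support without touching the newer library's defaults: `#if GNUTLS_VERSION_NUMBER < 0x020b00` / `gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );` / `#endif`. If the unconditional call is intentional, the comment should say that the default verify flags are being replaced, not just that the flag is unneeded on newer versions. Separately, and only as something to confirm, moving `proxy_connect()` ahead of the `conn->func`/`conn->data`/`conn->hostname`/`conn->verify` assignments means `ssl_connected` would observe a zeroed struct if proxy_connect can ever invoke its callback before returning. The enclosing init function starts before the hunk and its body is not fully visible here.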