Changes in lib/ssl_gnutls.c [8f976e6:2fb1262]

File:

• lib/ssl_gnutls.c (modified) (11 diffs)

lib/ssl_gnutls.c

@@ -38 +38 @@
 
 static gboolean initialized = FALSE;
-gnutls_certificate_credentials xcred;
+gnutls_certificate_credentials_t xcred;
 
 #include <limits.h>
@@ -60 +60 @@
         gboolean verify;
         
-        gnutls_session session;
+        gnutls_session_t session;
 };
 
@@ -85 +85 @@
                 gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
                 
-                /* Not needed in GnuTLS 2.11+ (enabled by default there) so
-                   don't do it (resets possible other defaults). */
-                if( !gnutls_check_version( "2.11" ) )
-                        gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
+                /* Not needed in GnuTLS 2.11+ but we support older versions for now. */
+                gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
         }
         initialized = TRUE;
@@ -110 +108 @@
         struct scd *conn = g_new0( struct scd, 1 );
         
+        conn->fd = proxy_connect( host, port, ssl_connected, conn );
         conn->func = func;
         conn->data = data;
@@ -115 +114 @@
         conn->hostname = g_strdup( host );
         conn->verify = verify && global.conf->cafile;
-        conn->fd = proxy_connect( host, port, ssl_connected, conn );
         
         if( conn->fd < 0 )
@@ -134 +132 @@
         conn->data = data;
         conn->inpa = -1;
-        conn->hostname = hostname;
+        conn->hostname = g_strdup( hostname );
         
         /* For now, SSL verification is globally enabled by setting the cafile
@@ -171 +169 @@
         int verifyret = 0;
         gnutls_x509_crt_t cert;
-        const char *hostname;
-        
-        hostname = gnutls_session_get_ptr( session );
+        struct scd *conn;
+        
+        conn = gnutls_session_get_ptr( session );
 
         gnutlsret = gnutls_certificate_verify_peers2( session, &status );
@@ -211 +209 @@
                 return VERIFY_CERT_ERROR;
 
-        if( !gnutls_x509_crt_check_hostname( cert, hostname ) )
+        if( !gnutls_x509_crt_check_hostname( cert, conn->hostname ) )
         {
                 verifyret |= VERIFY_CERT_INVALID;
@@ -267 +265 @@
         
         gnutls_init( &conn->session, GNUTLS_CLIENT );
-        if( conn->verify )
-                gnutls_session_set_ptr( conn->session, (void *) conn->hostname );
+        gnutls_session_set_ptr( conn->session, (void *) conn );
 #if GNUTLS_VERSION_NUMBER < 0x020c00
         gnutls_transport_set_lowat( conn->session, 0 );
@@ -276 +273 @@
         
         sock_make_nonblocking( conn->fd );
-        gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) GNUTLS_STUPID_CAST conn->fd );
+        gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr_t) GNUTLS_STUPID_CAST conn->fd );
         
         return ssl_handshake( data, source, cond );
@@ -402 +399 @@
         if( conn->session )
                 gnutls_deinit( conn->session );
+        g_free( conn->hostname );
         g_free( conn );
 }