Changeset 59c03bd


Ignore:
Timestamp:
2012-01-03T23:53:28Z (7 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
7615726
Parents:
6451d27
Message:

A few more SSL fixes merged from AopicieR. This also fixes OpenSSL compile
issues (bug #881).

Location:
lib
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • lib/ssl_gnutls.c

    r6451d27 r59c03bd  
    7979        {
    8080                gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
    81                 /* TODO: Do we want/need this? */
     81               
     82                /* Not needed in GnuTLS 2.11+ but we support older versions for now. */
    8283                gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
    8384        }
     
    191192#endif
    192193
    193         /* The following check is already performed inside
    194          * gnutls_certificate_verify_peers2, so we don't need it.
    195 
    196          * if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 )
    197          * return GNUTLS_E_CERTIFICATE_ERROR;
    198          */
    199 
    200         if( gnutls_x509_crt_init( &cert ) < 0 )
     194        if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 || gnutls_x509_crt_init( &cert ) < 0 )
    201195                return VERIFY_CERT_ERROR;
    202196
  • lib/ssl_openssl.c

    r6451d27 r59c03bd  
    3131#include <openssl/err.h>
    3232
     33#include "bitlbee.h"
    3334#include "proxy.h"
    3435#include "ssl_client.h"
     
    117118{
    118119        struct scd *conn = data;
    119         SSL_METHOD *meth;
     120        const SSL_METHOD *meth;
    120121       
    121122        /* Right now we don't have any verification functionality for OpenSSL. */
Note: See TracChangeset for help on using the changeset viewer.