Changeset 59c03bd

Timestamp:

2012-01-03T23:53:28Z (12 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

7615726

Parents:

6451d27

Message:

A few more SSL fixes merged from AopicieR. This also fixes OpenSSL compile
issues (bug #881).

Location:

lib

Files:

• ssl_gnutls.c (modified) (2 diffs)
• ssl_openssl.c (modified) (2 diffs)

lib/ssl_gnutls.c

@@ -79 +79 @@
         {
                 gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
-                /* TODO: Do we want/need this? */
+                
+                /* Not needed in GnuTLS 2.11+ but we support older versions for now. */
                 gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
         }
@@ -191 +192 @@
 #endif
 
-        /* The following check is already performed inside 
-         * gnutls_certificate_verify_peers2, so we don't need it.
-
-         * if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 )
-         * return GNUTLS_E_CERTIFICATE_ERROR;
-         */
-
-        if( gnutls_x509_crt_init( &cert ) < 0 )
+        if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 || gnutls_x509_crt_init( &cert ) < 0 )
                 return VERIFY_CERT_ERROR;
 

lib/ssl_openssl.c

@@ -31 +31 @@
 #include <openssl/err.h>
 
+#include "bitlbee.h"
 #include "proxy.h"
 #include "ssl_client.h"
@@ -117 +118 @@
 {
         struct scd *conn = data;
-        SSL_METHOD *meth;
+        const SSL_METHOD *meth;
         
         /* Right now we don't have any verification functionality for OpenSSL. */