Mercurial Mercurial > loudmouth / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
* configure.in:
authorfcrozat <fcrozat>
Thu, 22 Jan 2004 15:20:15 +0000
changeset 77 444ef677160f
parent 76 662568883db4
child 78 8506d9435c93
* configure.in: * loudmouth/lm-ssl.c: (ssl_verify_certificate): Don't use deprecated function of gnutls. Now requires gnutls >= 1.0.0
ChangeLog file | annotate | diff | comparison | revisions
configure.in file | annotate | diff | comparison | revisions
loudmouth/lm-ssl.c file | annotate | diff | comparison | revisions 
--- a/ChangeLog	Wed Jan 21 23:27:05 2004 +0000
+++ b/ChangeLog	Thu Jan 22 15:20:15 2004 +0000
@@ -1,3 +1,10 @@
+2004-01-22  Frederic Crozat  <fcrozat@mandrakesoft.com>
+
+	* configure.in:
+	* loudmouth/lm-ssl.c: (ssl_verify_certificate):
+	Don't use deprecated function of gnutls.
+	Now requires gnutls >= 1.0.0
+
 2004-01-21  Mikael Hallendal  <micke@imendio.com>
 
 	* Release 0.15.
--- a/configure.in	Wed Jan 21 23:27:05 2004 +0000
+++ b/configure.in	Thu Jan 22 15:20:15 2004 +0000
@@ -28,7 +28,7 @@
 AC_SUBST(LDFLAGS)
 
 GLIB2_REQUIRED=2.0.0
-GNUTLS_REQUIRED=0.8.9
+GNUTLS_REQUIRED=1.0.0
 
 AC_SUBST(GLIB2_REQUIRED)
 AC_SUBST(GNUTLS_REQUIRED)
--- a/loudmouth/lm-ssl.c	Wed Jan 21 23:27:05 2004 +0000
+++ b/loudmouth/lm-ssl.c	Thu Jan 22 15:20:15 2004 +0000
@@ -29,7 +29,7 @@
 #include "lm-error.h"
 
 #ifdef HAVE_GNUTLS
-#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
 #endif
 
 struct _LmSSL {
@@ -72,7 +72,6 @@
 	
 	if (status & GNUTLS_CERT_INVALID
 	    || status & GNUTLS_CERT_NOT_TRUSTED
-	    || status & GNUTLS_CERT_CORRUPTED
 	    || status & GNUTLS_CERT_REVOKED) {
 		if (ssl->func (ssl, LM_SSL_STATUS_UNTRUSTED_CERT,
 			       ssl->func_data) != LM_SSL_RESPONSE_CONTINUE) {
@@ -98,6 +97,7 @@
 		const gnutls_datum* cert_list;
 		int cert_list_size;
 		int digest_size;
+		gnutls_x509_crt cert;
 		
 		cert_list = gnutls_certificate_get_peers (ssl->gnutls_session, &cert_list_size);
 		if (cert_list == NULL) {
@@ -106,15 +106,26 @@
 				return FALSE;
 			}
 		}
+
+		gnutls_x509_crt_init (&cert);
+
+		if (!gnutls_x509_crt_import (cert, &cert_list[0],
+					     GNUTLS_X509_FMT_DER)) {
+			if (ssl->func (ssl, LM_SSL_STATUS_NO_CERT_FOUND, 
+				       ssl->func_data) != LM_SSL_RESPONSE_CONTINUE) {
+				return FALSE;
+			}
+		}
 		
-		if (!gnutls_x509_check_certificates_hostname (&cert_list[0],
-							      server)) {
+		if (!gnutls_x509_crt_check_hostname (cert, server)) {
 			if (ssl->func (ssl, LM_SSL_STATUS_CERT_HOSTNAME_MISMATCH,
 				       ssl->func_data) != LM_SSL_RESPONSE_CONTINUE) {
 				return FALSE;
 			}
 		}
 
+		gnutls_x509_crt_deinit (cert);
+
 		if (gnutls_x509_fingerprint (GNUTLS_DIG_MD5, &cert_list[0],
 					     ssl->fingerprint,
 					     &digest_size) >= 0) {
loudmouth