* configure.in:
* loudmouth/lm-ssl.c: (ssl_verify_certificate):
Don't use deprecated function of gnutls. Now requires gnutls >= 1.0.0
--- a/ChangeLog Wed Jan 21 23:27:05 2004 +0000
+++ b/ChangeLog Thu Jan 22 15:20:15 2004 +0000
@@ -1,3 +1,10 @@
+2004-01-22 Frederic Crozat <fcrozat@mandrakesoft.com>
+
+ * configure.in:
+ * loudmouth/lm-ssl.c: (ssl_verify_certificate):
+ Don't use deprecated function of gnutls.
+ Now requires gnutls >= 1.0.0
+
2004-01-21 Mikael Hallendal <micke@imendio.com>
* Release 0.15.
--- a/configure.in Wed Jan 21 23:27:05 2004 +0000
+++ b/configure.in Thu Jan 22 15:20:15 2004 +0000
@@ -28,7 +28,7 @@
AC_SUBST(LDFLAGS)
GLIB2_REQUIRED=2.0.0
-GNUTLS_REQUIRED=0.8.9
+GNUTLS_REQUIRED=1.0.0
AC_SUBST(GLIB2_REQUIRED)
AC_SUBST(GNUTLS_REQUIRED)
--- a/loudmouth/lm-ssl.c Wed Jan 21 23:27:05 2004 +0000
+++ b/loudmouth/lm-ssl.c Thu Jan 22 15:20:15 2004 +0000
@@ -29,7 +29,7 @@
#include "lm-error.h"
#ifdef HAVE_GNUTLS
-#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
#endif
struct _LmSSL {
@@ -72,7 +72,6 @@
if (status & GNUTLS_CERT_INVALID
|| status & GNUTLS_CERT_NOT_TRUSTED
- || status & GNUTLS_CERT_CORRUPTED
|| status & GNUTLS_CERT_REVOKED) {
if (ssl->func (ssl, LM_SSL_STATUS_UNTRUSTED_CERT,
ssl->func_data) != LM_SSL_RESPONSE_CONTINUE) {
@@ -98,6 +97,7 @@
const gnutls_datum* cert_list;
int cert_list_size;
int digest_size;
+ gnutls_x509_crt cert;
cert_list = gnutls_certificate_get_peers (ssl->gnutls_session, &cert_list_size);
if (cert_list == NULL) {
@@ -106,15 +106,26 @@
return FALSE;
}
}
+
+ gnutls_x509_crt_init (&cert);
+
+ if (!gnutls_x509_crt_import (cert, &cert_list[0],
+ GNUTLS_X509_FMT_DER)) {
+ if (ssl->func (ssl, LM_SSL_STATUS_NO_CERT_FOUND,
+ ssl->func_data) != LM_SSL_RESPONSE_CONTINUE) {
+ return FALSE;
+ }
+ }
- if (!gnutls_x509_check_certificates_hostname (&cert_list[0],
- server)) {
+ if (!gnutls_x509_crt_check_hostname (cert, server)) {
if (ssl->func (ssl, LM_SSL_STATUS_CERT_HOSTNAME_MISMATCH,
ssl->func_data) != LM_SSL_RESPONSE_CONTINUE) {
return FALSE;
}
}
+ gnutls_x509_crt_deinit (cert);
+
if (gnutls_x509_fingerprint (GNUTLS_DIG_MD5, &cert_list[0],
ssl->fingerprint,
&digest_size) >= 0) {