Sat Apr 25 13:47:31 2020 UTC ()
cadaver: Build with OpenSSL 1.1... by switching to gnutls and fixing that
(nia)
diff -r1.51 -r1.52 pkgsrc/www/cadaver/Makefile
diff -r1.10 -r1.11 pkgsrc/www/cadaver/distinfo
diff -r0 -r1.1 pkgsrc/www/cadaver/patches/patch-lib_neon_ne__auth.c
diff -r0 -r1.1 pkgsrc/www/cadaver/patches/patch-lib_neon_ne__gnutls.c
diff -r0 -r1.1 pkgsrc/www/cadaver/patches/patch-lib_neon_ne__privssl.h
diff -r0 -r1.1 pkgsrc/www/cadaver/patches/patch-lib_neon_ne__socket.c
--- pkgsrc/www/cadaver/Makefile 2020/04/24 12:14:01 1.51
+++ pkgsrc/www/cadaver/Makefile 2020/04/25 13:47:31 1.52
| @@ -1,37 +1,25 @@ | | | @@ -1,37 +1,25 @@ |
1 | # $NetBSD: Makefile,v 1.51 2020/04/24 12:14:01 nia Exp $ | | 1 | # $NetBSD: Makefile,v 1.52 2020/04/25 13:47:31 nia Exp $ |
2 | | | 2 | |
3 | DISTNAME= cadaver-0.23.3 | | 3 | DISTNAME= cadaver-0.23.3 |
4 | PKGREVISION= 5 | | 4 | PKGREVISION= 6 |
5 | CATEGORIES= www | | 5 | CATEGORIES= www |
6 | #MASTER_SITES= http://www.webdav.org/cadaver/ | | 6 | MASTER_SITES= http://www.webdav.org/cadaver/ |
7 | | | 7 | |
8 | MAINTAINER= pkgsrc-users@NetBSD.org | | 8 | MAINTAINER= pkgsrc-users@NetBSD.org |
9 | #HOMEPAGE= http://www.webdav.org/cadaver/ | | 9 | HOMEPAGE= http://www.webdav.org/cadaver/ |
10 | COMMENT= Command-line WebDAV client | | 10 | COMMENT= Command-line WebDAV client |
11 | | | 11 | LICENSE= gnu-gpl-v2 |
12 | BROKEN= "Fails to build with OpenSSL 1.1" | | | |
13 | | | 12 | |
14 | BUILD_TARGET= cadaver | | 13 | BUILD_TARGET= cadaver |
15 | GNU_CONFIGURE= YES | | 14 | GNU_CONFIGURE= YES |
16 | USE_PKGLOCALEDIR= yes | | 15 | USE_PKGLOCALEDIR= yes |
17 | CONFIGURE_ARGS+= --enable-netrc | | 16 | CONFIGURE_ARGS+= --enable-netrc |
18 | CONFIGURE_ARGS+= --with-expat | | 17 | CONFIGURE_ARGS+= --with-expat |
19 | #CONFIGURE_ARGS+= --with-included-neon | | 18 | CONFIGURE_ARGS+= --with-ssl=gnutls |
20 | CONFIGURE_ARGS+= --with-ssl=yes | | | |
21 | LIBS+= ${BUILDLINK_LDADD.termcap} | | 19 | LIBS+= ${BUILDLINK_LDADD.termcap} |
22 | | | 20 | |
23 | #INSTALL_MAKE_FLAGS+= bindir=${DESTDIR:Q}${PREFIX:Q}/bin \ | | | |
24 | # mandir=${DESTDIR:Q}${PREFIX:Q}/${PKGMANDIR:Q} | | | |
25 | | | | |
26 | .include "../../mk/readline.buildlink3.mk" | | 21 | .include "../../mk/readline.buildlink3.mk" |
27 | .include "../../security/openssl/buildlink3.mk" | | | |
28 | .include "../../textproc/expat/buildlink3.mk" | | 22 | .include "../../textproc/expat/buildlink3.mk" |
29 | .include "../../www/neon/buildlink3.mk" | | | |
30 | .include "../../devel/gettext-lib/buildlink3.mk" | | 23 | .include "../../devel/gettext-lib/buildlink3.mk" |
31 | # DON'T make this package depend on the www/neon package until neon | | 24 | .include "../../security/gnutls/buildlink3.mk" |
32 | # becomes stable; keep it using its internal copy of neon as with | | | |
33 | # www/sitecopy. This package has in the past bounced back and forth | | | |
34 | # between using external and internal neon because neon moves faster | | | |
35 | # than cadaver, and does so incompatibly. | | | |
36 | | | | |
37 | .include "../../mk/bsd.pkg.mk" | | 25 | .include "../../mk/bsd.pkg.mk" |
--- pkgsrc/www/cadaver/distinfo 2015/11/04 02:46:51 1.10
+++ pkgsrc/www/cadaver/distinfo 2020/04/25 13:47:31 1.11
| @@ -1,7 +1,11 @@ | | | @@ -1,7 +1,11 @@ |
1 | $NetBSD: distinfo,v 1.10 2015/11/04 02:46:51 agc Exp $ | | 1 | $NetBSD: distinfo,v 1.11 2020/04/25 13:47:31 nia Exp $ |
2 | | | 2 | |
3 | SHA1 (cadaver-0.23.3.tar.gz) = 4ad8ea2341b77e7dee26b46e4a8a496f1a2962cd | | 3 | SHA1 (cadaver-0.23.3.tar.gz) = 4ad8ea2341b77e7dee26b46e4a8a496f1a2962cd |
4 | RMD160 (cadaver-0.23.3.tar.gz) = 104f687cfd121b091ba2f509b37574509b4ffabd | | 4 | RMD160 (cadaver-0.23.3.tar.gz) = 104f687cfd121b091ba2f509b37574509b4ffabd |
5 | SHA512 (cadaver-0.23.3.tar.gz) = 48fe0a266be0ca7239f325377e5e2a8dc57a5d60466c7160e36c060ad24c09a50727695b9fa931844b1e66e173ebbb838f390d6c60fd07b614bd3b636cd4dd41 | | 5 | SHA512 (cadaver-0.23.3.tar.gz) = 48fe0a266be0ca7239f325377e5e2a8dc57a5d60466c7160e36c060ad24c09a50727695b9fa931844b1e66e173ebbb838f390d6c60fd07b614bd3b636cd4dd41 |
6 | Size (cadaver-0.23.3.tar.gz) = 831884 bytes | | 6 | Size (cadaver-0.23.3.tar.gz) = 831884 bytes |
7 | SHA1 (patch-aa) = 6b8391e825d8bc4131fdab4aee7214a0181a9b69 | | 7 | SHA1 (patch-aa) = 6b8391e825d8bc4131fdab4aee7214a0181a9b69 |
| | | 8 | SHA1 (patch-lib_neon_ne__auth.c) = b3be23038af390d52830e1c00c8313606e79ba96 |
| | | 9 | SHA1 (patch-lib_neon_ne__gnutls.c) = ab502c65db85b2e2db100dcbaad3f51de3e9e895 |
| | | 10 | SHA1 (patch-lib_neon_ne__privssl.h) = 83431345d2333423c664ce4f764683b1ee48b571 |
| | | 11 | SHA1 (patch-lib_neon_ne__socket.c) = effeded3caa19853b1845fdeea4754491f11e009 |
$NetBSD: patch-lib_neon_ne__auth.c,v 1.1 2020/04/25 13:47:31 nia Exp $
Fix build with newer gnutls.
--- lib/neon/ne_auth.c.orig 2009-12-02 21:27:34.000000000 +0000
+++ lib/neon/ne_auth.c
@@ -46,7 +46,7 @@
#ifdef HAVE_OPENSSL
#include <openssl/rand.h>
#elif defined(HAVE_GNUTLS)
-#include <gcrypt.h>
+#include <gnutls/crypto.h>
#endif
#include <errno.h>
@@ -316,7 +316,7 @@ static char *get_cnonce(void)
#ifdef HAVE_GNUTLS
if (1) {
- gcry_create_nonce(data, sizeof data);
+ gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data);
ne_md5_process_bytes(data, sizeof data, hash);
}
else
$NetBSD: patch-lib_neon_ne__gnutls.c,v 1.1 2020/04/25 13:47:31 nia Exp $
Fix build with newer gnutls.
--- lib/neon/ne_gnutls.c.orig 2009-12-02 21:40:41.000000000 +0000
+++ lib/neon/ne_gnutls.c
@@ -33,15 +33,13 @@
#include <errno.h>
#include <gnutls/gnutls.h>
+#include <gnutls/abstract.h>
#include <gnutls/pkcs12.h>
#ifdef NE_HAVE_TS_SSL
#include <errno.h>
#include <pthread.h>
-#include <gcrypt.h>
GCRY_THREAD_OPTION_PTHREAD_IMPL;
-#else
-#include <gcrypt.h>
#endif
#ifdef HAVE_ICONV
@@ -67,30 +65,30 @@ struct ne_ssl_dname_s {
gnutls_x509_dn_t dn;
#else
int subject; /* non-zero if this is the subject DN object */
- gnutls_x509_crt cert;
+ gnutls_x509_crt_t cert;
#endif
};
struct ne_ssl_certificate_s {
ne_ssl_dname subj_dn, issuer_dn;
- gnutls_x509_crt subject;
+ gnutls_x509_crt_t subject;
ne_ssl_certificate *issuer;
char *identity;
};
struct ne_ssl_client_cert_s {
- gnutls_pkcs12 p12;
+ gnutls_pkcs12_t p12;
int decrypted; /* non-zero if successfully decrypted. */
int keyless;
ne_ssl_certificate cert;
- gnutls_x509_privkey pkey;
+ gnutls_x509_privkey_t pkey;
char *friendly_name;
};
/* Returns the highest used index in subject (or issuer) DN of
* certificate CERT for OID, or -1 if no RDNs are present in the DN
* using that OID. */
-static int oid_find_highest_index(gnutls_x509_crt cert, int subject, const char *oid)
+static int oid_find_highest_index(gnutls_x509_crt_t cert, int subject, const char *oid)
{
int ret, idx = -1;
@@ -113,7 +111,7 @@ static int oid_find_highest_index(gnutls
#ifdef HAVE_ICONV
static void convert_dirstring(ne_buffer *buf, const char *charset,
- gnutls_datum *data)
+ gnutls_datum_t *data)
{
iconv_t id = iconv_open("UTF-8", charset);
size_t inlen = data->size, outlen = buf->length - buf->used;
@@ -150,7 +148,7 @@ static void convert_dirstring(ne_buffer
#define TAG_UNIVERSAL (28)
#define TAG_BMP (30)
-static void append_dirstring(ne_buffer *buf, gnutls_datum *data, unsigned long tag)
+static void append_dirstring(ne_buffer *buf, gnutls_datum_t *data, unsigned long tag)
{
switch (tag) {
case TAG_UTF8:
@@ -240,7 +238,7 @@ char *ne_ssl_readable_dname(const ne_ssl
/* Appends the value of RDN with given oid from certitifcate x5
* subject (if subject is non-zero), or issuer DN to buffer 'buf': */
-static void append_rdn(ne_buffer *buf, gnutls_x509_crt x5, int subject, const char *oid)
+static void append_rdn(ne_buffer *buf, gnutls_x509_crt_t x5, int subject, const char *oid)
{
int idx, top, ret;
char rdn[50];
@@ -353,7 +351,7 @@ void ne_ssl_cert_validity_time(const ne_
* If 'identity' is non-NULL, store the malloc-allocated identity in
* *identity. If 'server' is non-NULL, it must be the network address
* of the server in use, and identity must be NULL. */
-static int check_identity(const ne_uri *server, gnutls_x509_crt cert,
+static int check_identity(const ne_uri *server, gnutls_x509_crt_t cert,
char **identity)
{
char name[255];
@@ -460,7 +458,7 @@ static int check_identity(const ne_uri *
* that x5 is owned by returned cert object and must not be otherwise
* freed by the caller. */
static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert,
- gnutls_x509_crt x5)
+ gnutls_x509_crt_t x5)
{
#ifdef HAVE_NEW_DN_API
gnutls_x509_crt_get_subject(x5, &cert->subj_dn.dn);
@@ -479,12 +477,12 @@ static ne_ssl_certificate *populate_cert
}
/* Returns a copy certificate of certificate SRC. */
-static gnutls_x509_crt x509_crt_copy(gnutls_x509_crt src)
+static gnutls_x509_crt_t x509_crt_copy(gnutls_x509_crt_t src)
{
int ret;
size_t size;
- gnutls_datum tmp;
- gnutls_x509_crt dest;
+ gnutls_datum_t tmp;
+ gnutls_x509_crt_t dest;
if (gnutls_x509_crt_init(&dest) != 0) {
return NULL;
@@ -547,10 +545,10 @@ dup_error:
}
/* Callback invoked when the SSL server requests a client certificate. */
-static int provide_client_cert(gnutls_session session,
- const gnutls_datum *req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm *sign_algos,
- int sign_algos_length, gnutls_retr_st *st)
+static int provide_client_cert(gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t *sign_algos,
+ int sign_algos_length, gnutls_retr2_st *st)
{
ne_session *sess = gnutls_session_get_ptr(session);
@@ -606,11 +604,11 @@ static int provide_client_cert(gnutls_se
}
if (sess->client_cert) {
- gnutls_certificate_type type = gnutls_certificate_type_get(session);
+ gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
if (type == GNUTLS_CRT_X509) {
NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
- st->type = type;
+ st->cert_type = type;
st->ncerts = 1;
st->cert.x509 = &sess->client_cert->cert.subject;
st->key.x509 = sess->client_cert->pkey;
@@ -639,8 +637,7 @@ ne_ssl_context *ne_ssl_context_create(in
ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
gnutls_certificate_allocate_credentials(&ctx->cred);
if (flags == NE_SSL_CTX_CLIENT) {
- gnutls_certificate_client_set_retrieve_function(ctx->cred,
- provide_client_cert);
+ gnutls_certificate_set_retrieve_function(ctx->cred, provide_client_cert);
}
gnutls_certificate_set_verify_flags(ctx->cred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
@@ -689,9 +686,9 @@ void ne_ssl_context_destroy(ne_ssl_conte
#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
/* Return the issuer of the given certificate, or NULL if none can be
* found. */
-static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
+static gnutls_x509_crt_t find_issuer(gnutls_x509_crt_t *ca_list,
unsigned int num_cas,
- gnutls_x509_crt cert)
+ gnutls_x509_crt_t cert)
{
unsigned int n;
@@ -705,11 +702,11 @@ static gnutls_x509_crt find_issuer(gnutl
#endif
/* Return the certificate chain sent by the peer, or NULL on error. */
-static ne_ssl_certificate *make_peers_chain(gnutls_session sock,
- gnutls_certificate_credentials crd)
+static ne_ssl_certificate *make_peers_chain(gnutls_session_t sock,
+ gnutls_certificate_credentials_t crd)
{
ne_ssl_certificate *current = NULL, *top = NULL;
- const gnutls_datum *certs;
+ const gnutls_datum_t *certs;
unsigned int n, count;
ne_ssl_certificate *cert;
@@ -721,7 +718,7 @@ static ne_ssl_certificate *make_peers_ch
NE_DEBUG(NE_DBG_SSL, "ssl: Got %u certs in peer chain.\n", count);
for (n = 0; n < count; n++) {
- gnutls_x509_crt x5;
+ gnutls_x509_crt_t x5;
if (gnutls_x509_crt_init(&x5) ||
gnutls_x509_crt_import(x5, &certs[n], GNUTLS_X509_FMT_DER)) {
@@ -746,8 +743,8 @@ static ne_ssl_certificate *make_peers_ch
* in the Certificate list during the handshake. Fill in the
* complete chain manually against the certs we trust: */
if (current->issuer == NULL) {
- gnutls_x509_crt issuer;
- gnutls_x509_crt *ca_list;
+ gnutls_x509_crt_t issuer;
+ gnutls_x509_crt_t *ca_list;
unsigned int num_cas;
gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
@@ -849,7 +846,7 @@ static int check_chain_expiry(ne_ssl_cer
}
/* Verifies an SSL server certificate. */
-static int check_certificate(ne_session *sess, gnutls_session sock,
+static int check_certificate(ne_session *sess, gnutls_session_t sock,
ne_ssl_certificate *chain)
{
int ret, failures;
@@ -911,7 +908,7 @@ int ne__negotiate_ssl(ne_session *sess)
{
ne_ssl_context *const ctx = sess->ssl_context;
ne_ssl_certificate *chain;
- gnutls_session sock;
+ gnutls_session_t sock;
NE_DEBUG(NE_DBG_SSL, "Negotiating SSL connection.\n");
@@ -980,7 +977,7 @@ const char *ne_ssl_cert_identity(const n
void ne_ssl_context_trustcert(ne_ssl_context *ctx, const ne_ssl_certificate *cert)
{
- gnutls_x509_crt certs = cert->subject;
+ gnutls_x509_crt_t certs = cert->subject;
gnutls_certificate_set_x509_trust(ctx->cred, &certs, 1);
}
@@ -994,7 +991,7 @@ void ne_ssl_trust_default_ca(ne_session
}
/* Read the contents of file FILENAME into *DATUM. */
-static int read_to_datum(const char *filename, gnutls_datum *datum)
+static int read_to_datum(const char *filename, gnutls_datum_t *datum)
{
FILE *f = fopen(filename, "r");
ne_buffer *buf;
@@ -1026,11 +1023,11 @@ static int read_to_datum(const char *fil
/* Parses a PKCS#12 structure and loads the certificate, private key
* and friendly name if possible. Returns zero on success, non-zero
* on error. */
-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
- gnutls_x509_crt *x5, char **friendly_name,
+static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey_t *pkey,
+ gnutls_x509_crt_t *x5, char **friendly_name,
const char *password)
{
- gnutls_pkcs12_bag bag = NULL;
+ gnutls_pkcs12_bag_t bag = NULL;
int i, j, ret = 0;
for (i = 0; ret == 0; ++i) {
@@ -1045,8 +1042,8 @@ static int pkcs12_parse(gnutls_pkcs12 p1
gnutls_pkcs12_bag_decrypt(bag, password);
for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
- gnutls_pkcs12_bag_type type;
- gnutls_datum data;
+ gnutls_pkcs12_bag_type_t type;
+ gnutls_datum_t data;
if (friendly_name && *friendly_name == NULL) {
char *name = NULL;
@@ -1113,12 +1110,12 @@ static int pkcs12_parse(gnutls_pkcs12 p1
ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
{
int ret;
- gnutls_datum data;
- gnutls_pkcs12 p12;
+ gnutls_datum_t data;
+ gnutls_pkcs12_t p12;
ne_ssl_client_cert *cc;
char *friendly_name = NULL;
- gnutls_x509_crt cert = NULL;
- gnutls_x509_privkey pkey = NULL;
+ gnutls_x509_crt_t cert = NULL;
+ gnutls_x509_privkey_t pkey = NULL;
if (read_to_datum(filename, &data))
return NULL;
@@ -1162,8 +1159,8 @@ ne_ssl_client_cert *ne__ssl_clicert_exke
size_t der_len)
{
ne_ssl_client_cert *cc;
- gnutls_x509_crt x5;
- gnutls_datum datum;
+ gnutls_x509_crt_t x5;
+ gnutls_datum_t datum;
datum.data = (unsigned char *)der;
datum.size = der_len;
@@ -1190,8 +1187,8 @@ int ne_ssl_clicert_encrypted(const ne_ss
int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password)
{
int ret;
- gnutls_x509_crt cert = NULL;
- gnutls_x509_privkey pkey = NULL;
+ gnutls_x509_crt_t cert = NULL;
+ gnutls_x509_privkey_t pkey = NULL;
if (gnutls_pkcs12_verify_mac(cc->p12, password) != 0) {
return -1;
@@ -1228,8 +1225,8 @@ const char *ne_ssl_clicert_name(const ne
ne_ssl_certificate *ne_ssl_cert_read(const char *filename)
{
int ret;
- gnutls_datum data;
- gnutls_x509_crt x5;
+ gnutls_datum_t data;
+ gnutls_x509_crt_t x5;
if (read_to_datum(filename, &data))
return NULL;
@@ -1300,8 +1297,8 @@ ne_ssl_certificate *ne_ssl_cert_import(c
int ret;
size_t len;
unsigned char *der;
- gnutls_datum buffer = { NULL, 0 };
- gnutls_x509_crt x5;
+ gnutls_datum_t buffer = { NULL, 0 };
+ gnutls_x509_crt_t x5;
if (gnutls_x509_crt_init(&x5) != 0)
return NULL;
@@ -1369,10 +1366,6 @@ int ne_ssl_cert_digest(const ne_ssl_cert
int ne__ssl_init(void)
{
-#ifdef NE_HAVE_TS_SSL
- gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-#endif
- gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
return gnutls_global_init();
}
$NetBSD: patch-lib_neon_ne__privssl.h,v 1.1 2020/04/25 13:47:31 nia Exp $
Fix build with newer gnutls.
--- lib/neon/ne_privssl.h.orig 2009-09-02 14:04:43.000000000 +0000
+++ lib/neon/ne_privssl.h
@@ -59,7 +59,7 @@ ne__ssl_clicert_exkey_import(const unsig
#include <gnutls/gnutls.h>
struct ne_ssl_context_s {
- gnutls_certificate_credentials cred;
+ gnutls_certificate_credentials_t cred;
int verify; /* non-zero if client cert verification required */
const char *hostname; /* for SNI */
@@ -67,10 +67,10 @@ struct ne_ssl_context_s {
/* Session cache. */
union ne_ssl_scache {
struct {
- gnutls_datum key, data;
+ gnutls_datum_t key, data;
} server;
#if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
- gnutls_datum client;
+ gnutls_datum_t client;
#else
struct {
char *data;
@@ -85,7 +85,7 @@ struct ne_ssl_context_s {
#endif
};
-typedef gnutls_session ne_ssl_socket;
+typedef gnutls_session_t ne_ssl_socket;
NE_PRIVATE ne_ssl_client_cert *
ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len);
$NetBSD: patch-lib_neon_ne__socket.c,v 1.1 2020/04/25 13:47:31 nia Exp $
Fix build with newer gnutls.
--- lib/neon/ne_socket.c.orig 2009-12-02 21:27:34.000000000 +0000
+++ lib/neon/ne_socket.c
@@ -1608,14 +1608,14 @@ void ne_sock_connect_timeout(ne_socket *
* session. */
/* Copy datum 'src' to 'dest'. */
-static void copy_datum(gnutls_datum *dest, gnutls_datum *src)
+static void copy_datum(gnutls_datum_t *dest, gnutls_datum_t *src)
{
dest->size = src->size;
dest->data = memcpy(gnutls_malloc(src->size), src->data, src->size);
}
/* Callback to store a session 'data' with id 'key'. */
-static int store_sess(void *userdata, gnutls_datum key, gnutls_datum data)
+static int store_sess(void *userdata, gnutls_datum_t key, gnutls_datum_t data)
{
ne_ssl_context *ctx = userdata;
@@ -1631,17 +1631,17 @@ static int store_sess(void *userdata, gn
}
/* Returns non-zero if d1 and d2 are the same datum. */
-static int match_datum(gnutls_datum *d1, gnutls_datum *d2)
+static int match_datum(gnutls_datum_t *d1, gnutls_datum_t *d2)
{
return d1->size == d2->size
&& memcmp(d1->data, d2->data, d1->size) == 0;
}
/* Callback to retrieve a session of id 'key'. */
-static gnutls_datum retrieve_sess(void *userdata, gnutls_datum key)
+static gnutls_datum_t retrieve_sess(void *userdata, gnutls_datum_t key)
{
ne_ssl_context *ctx = userdata;
- gnutls_datum ret = { NULL, 0 };
+ gnutls_datum_t ret = { NULL, 0 };
if (match_datum(&ctx->cache.server.key, &key)) {
copy_datum(&ret, &ctx->cache.server.data);
@@ -1652,7 +1652,7 @@ static gnutls_datum retrieve_sess(void *
/* Callback to remove a session of id 'key'; stub needed but
* implementation seems unnecessary. */
-static int remove_sess(void *userdata, gnutls_datum key)
+static int remove_sess(void *userdata, gnutls_datum_t key)
{
return -1;
}
@@ -1678,6 +1678,8 @@ int ne_sock_accept_ssl(ne_socket *sock,
NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
}
#elif defined(HAVE_GNUTLS)
+ unsigned int verify_status;
+
gnutls_init(&ssl, GNUTLS_SERVER);
gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
gnutls_set_default_priority(ssl);
@@ -1689,15 +1691,15 @@ int ne_sock_accept_ssl(ne_socket *sock,
gnutls_db_set_ptr(ssl, ctx);
if (ctx->verify)
- gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUEST);
+ gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUIRE);
sock->ssl = ssl;
- gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr)(long)sock->fd);
+ gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr_t)(long)sock->fd);
ret = gnutls_handshake(ssl);
if (ret < 0) {
return error_gnutls(sock, ret);
}
- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
+ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
set_error(sock, _("Client certificate verification failed"));
return NE_SOCK_ERROR;
}
@@ -1774,7 +1776,7 @@ int ne_sock_connect_ssl(ne_socket *sock,
strlen(ctx->hostname));
}
- gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr)(long)sock->fd);
+ gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr_t)(long)sock->fd);
if (ctx->cache.client.data) {
#if defined(HAVE_GNUTLS_SESSION_GET_DATA2)