File loudmouth-1.4.3-gnutls.patch of Package mingw32-loudmouth
--- loudmouth-1.4.3/loudmouth/lm-ssl-base.c 2008-10-29 14:45:10.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-base.c 2016-05-27 09:02:12.300545844 +0200
@@ -33,6 +33,7 @@
 base->func_data = user_data;
 base->data_notify = notify;
 base->fingerprint[0] = '\0';
+ base->cipher_list = NULL;
 if (expected_fingerprint) {
 base->expected_fingerprint = g_memdup (expected_fingerprint, 16);
@@ -49,8 +50,27 @@
 }
 void
+_lm_ssl_base_set_cipher_list (LmSSLBase *base,
+ const gchar *cipher_list)
+{
+ if (base->cipher_list)
+ g_free (base->cipher_list);
+ base->cipher_list = g_strdup (cipher_list);
+}
+
+void
+_lm_ssl_base_set_ca_path (LmSSLBase *base,
+ const gchar *ca_path)
+{
+ if (base->ca_path)
+ g_free (base->ca_path);
+ base->ca_path = g_strdup (ca_path);
+}
+void
 _lm_ssl_base_free_fields (LmSSLBase *base)
 {
 g_free (base->expected_fingerprint);
+ g_free (base->cipher_list);
+ g_free (base->ca_path);
 }
--- loudmouth-1.4.3/loudmouth/lm-ssl-base.h 2008-10-29 14:45:10.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-base.h 2016-05-27 09:02:12.300545844 +0200
@@ -30,6 +30,8 @@
 LmSSLFunction func;
 gpointer func_data;
 GDestroyNotify data_notify;
+ gchar *cipher_list;
+ gchar *ca_path;
 gchar *expected_fingerprint;
 char fingerprint[20];
 gboolean use_starttls;
@@ -44,6 +46,12 @@
 gpointer user_data, GDestroyNotify notify);
+void _lm_ssl_base_set_cipher_list (LmSSLBase *base,
+ const gchar *cipher_list);
+
+void _lm_ssl_base_set_ca_path (LmSSLBase *base,
+ const gchar *ca_path);
+
 void _lm_ssl_base_free_fields (LmSSLBase *base);
 #endif /* __LM_SSL_BASE_H__ */
--- loudmouth-1.4.3/loudmouth/lm-ssl-generic.c 2008-10-29 21:42:09.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-generic.c 2016-05-27 09:02:12.300545844 +0200
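Review bot: The first lm-ssl-base.c hunk sets `base->cipher_list = NULL` but leaves the new `ca_path` field untouched, while `_lm_ssl_base_set_ca_path`, `_lm_ssl_base_free_fields` and both `_lm_ssl_begin` implementations read it; unless every LmSSL is zero-allocated (not visible here), that is a read and a `g_free` of an uninitialised pointer. Add `base->ca_path = NULL;` next to the cipher_list line. In the two setters the `if (base->cipher_list)` and `if (base->ca_path)` guards can be dropped because `g_free (NULL)` is a no-op, and a blank line is missing between the closing brace of `_lm_ssl_base_set_ca_path` and the `void` of `_lm_ssl_base_free_fields`. The initialising function starts and ends outside the hunk.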
@@ -169,6 +168,29 @@
 return ssl;
 }
+void
+lm_ssl_set_cipher_list (LmSSL *ssl,
+ const gchar *cipher_list)
+{
+ _lm_ssl_base_set_cipher_list(LM_SSL_BASE(ssl), cipher_list);
+}
+
+/**
+ * lm_ssl_set_ca:
+ * @ssl: an #LmSSL
+ * @ca_path: path to a certificate or a directory containing certificates
+ *
+ * Sets a path to certificates which should be trusted.
+ *
+ **/
+
+void
+lm_ssl_set_ca (LmSSL *ssl, const gchar *ca_path)
+{
+ _lm_ssl_base_set_ca_path(LM_SSL_BASE(ssl), ca_path);
+}
+
+
 /**
 * lm_ssl_use_starttls:
 * @ssl: an #LmSSL
Only in loudmouth-1.4.3/loudmouth: lm-ssl-generic.c.orig
--- loudmouth-1.4.3/loudmouth/lm-ssl-gnutls.c 2008-10-29 14:45:10.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-gnutls.c 2016-05-27 09:02:12.300545844 +0200
@@ -20,7 +20,12 @@
 #include <config.h>
+#include <errno.h>
 #include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <dirent.h>
 #include <glib.h>
 #include "lm-debug.h"
@@ -38,7 +42,7 @@
 LmSSLBase base;
 gnutls_session gnutls_session;
- gnutls_certificate_credentials gnutls_xcred;
+ gnutls_certificate_credentials_t gnutls_xcred;
 gboolean started;
 };
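Review bot: `lm_ssl_set_cipher_list` is exported without the gtk-doc block that `lm_ssl_set_ca` gets, and its argument means different things per backend: the GnuTLS `_lm_ssl_begin` hands it to `gnutls_priority_set_direct`, the OpenSSL one to `SSL_CTX_set_cipher_list`, so a value written for one build is not valid for the other. I would add a comment in the existing style with `@cipher_list: backend-specific selection string (GnuTLS priority string or OpenSSL cipher list); %NULL keeps the backend default`. Both docs should also say that the setter has to be called before the connection is opened, because the stored value is only read in `_lm_ssl_begin`. Neither function checks `ssl` before `LM_SSL_BASE(ssl)`; `g_return_if_fail (ssl != NULL);` as the first statement would make misuse visible.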
@@ -192,21 +196,93 @@
 }
 gboolean
+_lm_ssl_set_ca (LmSSL *ssl,
+ const gchar *ca_path)
+{
+ struct stat target;
+
+ if (stat (ca_path, &target) != 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "ca_path '%s': no such file or directory", ca_path);
+ return FALSE;
+ }
+
+ if (S_ISDIR (target.st_mode)) {
+ int success = 0;
+ int worked_at_least_once = 0;
+ DIR *dir;
+ struct dirent *entry;
+
+ if ((dir = opendir (ca_path)) == NULL) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "Couldn't open '%s': %s",
+ ca_path, strerror(errno));
+ return FALSE;
+ }
+
+ for (entry = readdir (dir); entry != NULL; entry = readdir (dir)) {
+ struct stat file;
+ gchar *path = g_build_path ("/", ca_path, entry->d_name, NULL);
+
+ if ((stat (path, &file) == 0) && S_ISREG (file.st_mode)) {
+ success = gnutls_certificate_set_x509_trust_file (
+ ssl->gnutls_xcred, path, GNUTLS_X509_FMT_PEM);
+ if (success > 0)
+ worked_at_least_once = 1;
+ if (success < 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "Loading of certificate '%s' failed: %s",
+ path, gnutls_strerror(success));
+ }
+ }
+ g_free (path);
+ }
+ closedir (dir);
+
+ if (!worked_at_least_once) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "No certificates in ca_path '%s'. Are they in PEM format?",
+ ca_path);
+ return FALSE;
+ }
+
+ } else if (S_ISREG (target.st_mode)) {
+ int success = 0;
+ success = gnutls_certificate_set_x509_trust_file (ssl->gnutls_xcred,
+ ca_path,
+ GNUTLS_X509_FMT_PEM);
+ if (success < 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "Loading of ca_path '%s' failed: %s",
+ ca_path, gnutls_strerror(success));
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+gboolean
 _lm_ssl_begin (LmSSL *ssl, gint fd, const gchar *server, GError **error)
 {
 int ret;
+ LmSSLBase *base;
 gboolean auth_ok = TRUE;
- const int cert_type_priority[] =
- { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
- const int compression_priority[] =
- { GNUTLS_COMP_DEFLATE, GNUTLS_COMP_NULL, 0 };
+ base = LM_SSL_BASE(ssl);
 gnutls_init (&ssl->gnutls_session, GNUTLS_CLIENT);
- gnutls_set_default_priority (ssl->gnutls_session);
- gnutls_certificate_type_set_priority (ssl->gnutls_session,
- cert_type_priority);
- gnutls_compression_set_priority (ssl->gnutls_session,
- compression_priority);
+ if (base->cipher_list) {
+ gnutls_priority_set_direct (ssl->gnutls_session, base->cipher_list, NULL);
+ } else {
+ gnutls_priority_set_direct (ssl->gnutls_session, "NORMAL", NULL);
+ }
+ if (base->ca_path) {
+ _lm_ssl_set_ca(ssl, base->ca_path);
+ } else {
+ gnutls_certificate_set_x509_system_trust(ssl->gnutls_xcred);
+ }
+ if (base->ca_path) {
+ _lm_ssl_set_ca(ssl, base->ca_path);
+ }
 gnutls_credentials_set (ssl->gnutls_session, GNUTLS_CRD_CERTIFICATE, ssl->gnutls_xcred);
@@ -237,6 +313,10 @@
 return FALSE;
 }
+ lm_verbose ("GNUTLS negotiated cipher suite: %s",
+ gnutls_cipher_suite_get_name(gnutls_kx_get(ssl->gnutls_session),
+ gnutls_cipher_get(ssl->gnutls_session),
+ gnutls_mac_get(ssl->gnutls_session)));
 lm_verbose ("GNUTLS negotiated compression: %s", gnutls_compression_get_name (gnutls_compression_get (ssl->gnutls_session)));
Only in loudmouth-1.4.3/loudmouth: lm-ssl-gnutls.c.orig
--- loudmouth-1.4.3/loudmouth/lm-ssl.h 2008-10-29 21:43:19.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl.h 2016-05-27 09:02:12.300545844 +0200
@@ -63,6 +63,12 @@
 gboolean lm_ssl_is_supported (void);
+void lm_ssl_set_cipher_list (LmSSL *ssl,
+ const gchar *cipher_list);
+
+void lm_ssl_set_ca (LmSSL *ssl,
+ const gchar *ca_path);
+
 const gchar * lm_ssl_get_fingerprint (LmSSL *ssl);
 void lm_ssl_use_starttls (LmSSL *ssl,
Only in loudmouth-1.4.3/loudmouth: lm-ssl.h.orig
--- loudmouth-1.4.3/loudmouth/lm-ssl-internals.h 2008-10-29 14:19:24.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-internals.h 2016-05-27 09:02:12.300545844 +0200
@@ -32,6 +32,8 @@
 GDestroyNotify notify);
 void _lm_ssl_initialize (LmSSL *ssl);
+gboolean _lm_ssl_set_ca (LmSSL *ssl,
+ const gchar *ca_path);
 gboolean _lm_ssl_begin (LmSSL *ssl, gint fd, const gchar *server,
--- loudmouth-1.4.3/loudmouth/lm-ssl-openssl.c 2008-10-29 17:29:51.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-openssl.c 2016-05-27 09:02:12.300545844 +0200
@@ -23,6 +23,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <glib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #ifndef G_OS_WIN32
 #include <unistd.h>
 #endif
@@ -316,11 +318,42 @@
 }
 gboolean
+_lm_ssl_set_ca (LmSSL *ssl,
+ const gchar *ca_path)
+{
+ struct stat target;
+ int success = 0;
+
+ if (stat (ca_path, &target) != 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "ca_path '%s': no such file or directory", ca_path);
+ return FALSE;
+ }
+
+ if (S_ISDIR (target.st_mode)) {
+ success = SSL_CTX_load_verify_locations(ssl->ssl_ctx, NULL, ca_path);
+ } else if (S_ISREG (target.st_mode)) {
+ success = SSL_CTX_load_verify_locations(ssl->ssl_ctx, ca_path, NULL);
+ }
+ if (success == 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "Loading of ca_path '%s' failed: %s",
+ ca_path,
+ ERR_error_string(ERR_peek_last_error(), NULL));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+gboolean
 _lm_ssl_begin (LmSSL *ssl, gint fd, const gchar *server, GError **error)
 {
 gint ssl_ret;
 GIOStatus status;
+ LmSSLBase *base;
+ base = LM_SSL_BASE(ssl);
 if (!ssl->ssl_ctx) {
 g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN,
@@ -328,6 +361,13 @@
 return FALSE;
 }
+ if (base->cipher_list) {
+ SSL_CTX_set_cipher_list(ssl->ssl_ctx, base->cipher_list);
+ }
+ if (base->ca_path) {
+ _lm_ssl_set_ca (ssl, base->ca_path);
+ }
+
 ssl->ssl = SSL_new(ssl->ssl_ctx);
 if (ssl->ssl == NULL) {
 g_warning ("SSL_new() == NULL");
Only in loudmouth-1.4.3/loudmouth: lm-ssl-openssl.c.orig
--- loudmouth-1.4.3/loudmouth/loudmouth.sym 2008-10-29 14:45:10.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/loudmouth.sym 2016-05-27 09:02:12.304545756 +0200
@@ -82,6 +82,8 @@
 lm_ssl_new
 lm_ssl_ref
 lm_ssl_unref
+lm_ssl_set_ca
+lm_ssl_set_cipher_list
 lm_ssl_use_starttls
 lm_utils_get_localtime
 lm_sha_hash
Only in loudmouth-1.4.3/loudmouth: loudmouth.sym.orig
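Review bot: In the OpenSSL `_lm_ssl_set_ca`, a path that is neither a directory nor a regular file skips both `SSL_CTX_load_verify_locations` calls and lands in the `success == 0` branch, where `ERR_error_string(ERR_peek_last_error(), NULL)` prints whatever is left on the OpenSSL error queue, possibly from an unrelated earlier call. The `stat` failure branch likewise always logs "no such file or directory", even when errno reports something else such as a permission error. I would add an explicit `else` that logs `"ca_path '%s' is neither a file nor a directory"` and returns FALSE, and print `g_strerror (errno)` in the stat branch, which would need `<errno.h>` in this file. The behaviour also differs from the GnuTLS `_lm_ssl_set_ca`, which returns TRUE for the same input, so the two backends should be brought into line.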