1 |
qnikst 12/11/01 15:52:28 |
2 |
|
3 |
Added: neon-0.29.6-gnutls-3-types.patch |
4 |
neon-0.29.6-gnutls-3-functions.patch |
5 |
Log: |
6 |
fix gnutls-3 breakage #421441, thanks to Bartosz Brachaczek |
7 |
|
8 |
(Portage version: 2.2.0_alpha142/cvs/Linux x86_64, unsigned Manifest commit) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: neon-0.29.6-gnutls-3-types.patch |
17 |
=================================================================== |
18 |
From 9033b72dc4fa250519379cb39142a3e42141d3f5 Mon Sep 17 00:00:00 2001 |
19 |
From: Alexander V Vershilov <alexander.vershilov@×××××.com> |
20 |
Date: Thu, 1 Nov 2012 11:44:36 +0400 |
21 |
Subject: [PATCH 2/2] neon gnutls types fix |
22 |
|
23 |
--- |
24 |
src/ne_gnutls.c | 10 +++++----- |
25 |
1 file changed, 5 insertions(+), 5 deletions(-) |
26 |
|
27 |
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c |
28 |
index d50c6ce..11dfd8e 100644 |
29 |
--- a/src/ne_gnutls.c |
30 |
+++ b/src/ne_gnutls.c |
31 |
@@ -83,7 +83,7 @@ struct ne_ssl_certificate_s { |
32 |
}; |
33 |
|
34 |
struct ne_ssl_client_cert_s { |
35 |
- gnutls_pkcs12 p12; |
36 |
+ gnutls_pkcs12_t p12; |
37 |
int decrypted; /* non-zero if successfully decrypted. */ |
38 |
int keyless; |
39 |
ne_ssl_certificate cert; |
40 |
@@ -1041,11 +1041,11 @@ static int read_to_datum(const char *filename, gnutls_datum *datum) |
41 |
/* Parses a PKCS#12 structure and loads the certificate, private key |
42 |
* and friendly name if possible. Returns zero on success, non-zero |
43 |
* on error. */ |
44 |
-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, |
45 |
+static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey, |
46 |
gnutls_x509_crt *x5, char **friendly_name, |
47 |
const char *password) |
48 |
{ |
49 |
- gnutls_pkcs12_bag bag = NULL; |
50 |
+ gnutls_pkcs12_bag_t bag = NULL; |
51 |
int i, j, ret = 0; |
52 |
|
53 |
for (i = 0; ret == 0; ++i) { |
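Review bot: The `_t` conversion stops at the PKCS#12 typedefs: the new `pkcs12_parse` signature still takes `gnutls_x509_privkey *pkey` and `gnutls_x509_crt *x5`, and the later hunks of this patch keep `gnutls_datum data` and `gnutls_x509_crt cert` as context. These un-suffixed names look like the same family of legacy aliases as the ones being replaced, so the build presumably still depends on GnuTLS shipping them for compatibility. Converting them in the same patch (`gnutls_x509_privkey_t *pkey`, `gnutls_x509_crt_t *x5`, `gnutls_datum_t data`) would keep the file on one naming scheme and avoid a second breakage of the same kind. The body of pkcs12_parse continues outside the hunk.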
54 |
@@ -1060,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, |
55 |
gnutls_pkcs12_bag_decrypt(bag, password); |
56 |
|
57 |
for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) { |
58 |
- gnutls_pkcs12_bag_type type; |
59 |
+ gnutls_pkcs12_bag_type_t type; |
60 |
gnutls_datum data; |
61 |
|
62 |
if (friendly_name && *friendly_name == NULL) { |
63 |
@@ -1130,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) |
64 |
{ |
65 |
int ret; |
66 |
gnutls_datum data; |
67 |
- gnutls_pkcs12 p12; |
68 |
+ gnutls_pkcs12_t p12; |
69 |
ne_ssl_client_cert *cc; |
70 |
char *friendly_name = NULL; |
71 |
gnutls_x509_crt cert = NULL; |
72 |
-- |
73 |
1.7.12.3 |
74 |
|
75 |
|
76 |
|
77 |
|
78 |
1.1 net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch |
79 |
|
80 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch?rev=1.1&view=markup |
81 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch?rev=1.1&content-type=text/plain |
82 |
|
83 |
Index: neon-0.29.6-gnutls-3-functions.patch |
84 |
=================================================================== |
85 |
From d7516e56dc854308349419b81904e9a61751cde4 Mon Sep 17 00:00:00 2001 |
86 |
From: Alexander V Vershilov <alexander.vershilov@×××××.com> |
87 |
Date: Thu, 1 Nov 2012 11:44:10 +0400 |
88 |
Subject: [PATCH 1/2] neon gnutls-3 fixes |
89 |
|
90 |
--- |
91 |
macros/neon.m4 | 9 ++++++++- |
92 |
src/ne_gnutls.c | 13 +++++++++++-- |
93 |
src/ne_socket.c | 10 +++++++--- |
94 |
3 files changed, 26 insertions(+), 6 deletions(-) |
95 |
|
96 |
diff --git a/macros/neon.m4 b/macros/neon.m4 |
97 |
index 32111c7..40f1d71 100644 |
98 |
--- a/macros/neon.m4 |
99 |
+++ b/macros/neon.m4 |
100 |
@@ -982,13 +982,20 @@ gnutls) |
101 |
# Check for functions in later releases |
102 |
NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \ |
103 |
gnutls_sign_callback_set \ |
104 |
+ gnutls_certificate_get_issuer \ |
105 |
gnutls_certificate_get_x509_cas \ |
106 |
- gnutls_certificate_verify_peers2]) |
107 |
+ gnutls_certificate_verify_peers2 \ |
108 |
+ gnutls_x509_crt_sign2]) |
109 |
|
110 |
# fail if gnutls_certificate_verify_peers2 is not found |
111 |
if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then |
112 |
AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required]) |
113 |
fi |
114 |
+ |
115 |
+ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required) |
116 |
+ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then |
117 |
+ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)]) |
118 |
+ fi |
119 |
|
120 |
# Check for iconv support if using the new RDN access functions: |
121 |
if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then |
122 |
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c |
123 |
index eec5655..d50c6ce 100644 |
124 |
--- a/src/ne_gnutls.c |
125 |
+++ b/src/ne_gnutls.c |
126 |
@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx) |
127 |
ne_free(ctx); |
128 |
} |
129 |
|
130 |
-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS |
131 |
+#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) |
132 |
/* Return the issuer of the given certificate, or NULL if none can be |
133 |
* found. */ |
134 |
static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list, |
135 |
@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock, |
136 |
} |
137 |
} |
138 |
|
139 |
-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS |
140 |
+#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) |
141 |
/* GnuTLS only returns the peers which were *sent* by the server |
142 |
* in the Certificate list during the handshake. Fill in the |
143 |
* complete chain manually against the certs we trust: */ |
144 |
if (current->issuer == NULL) { |
145 |
gnutls_x509_crt issuer; |
146 |
+ |
147 |
+#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER |
148 |
gnutls_x509_crt *ca_list; |
149 |
unsigned int num_cas; |
150 |
|
151 |
gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas); |
152 |
+#endif |
153 |
|
154 |
do { |
155 |
/* Look up the issuer. */ |
156 |
+#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER |
157 |
issuer = find_issuer(ca_list, num_cas, current->subject); |
158 |
+#else |
159 |
+ if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0)) |
160 |
+ issuer = NULL; |
161 |
+#endif |
162 |
+ |
163 |
if (issuer) { |
164 |
issuer = x509_crt_copy(issuer); |
165 |
cert = populate_cert(ne_calloc(sizeof *cert), issuer); |
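Review bot: The new `gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0)` branch carries no comment on who owns `issuer`, yet the `x509_crt_copy(issuer)` that follows is only correct under one answer. With flags `0` the returned certificate is, as far as the GnuTLS documentation describes it, a pointer into the credentials' trust list rather than a fresh object, so it has to be copied and must never be deinitialised here. I would add `/* issuer is borrowed from crd's trust list; copy it before it goes into the chain. */` above the call. The `do` loop and its termination condition lie outside the hunk, so whether a self-issued trust anchor ends the walk cannot be checked from these lines.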
166 |
diff --git a/src/ne_socket.c b/src/ne_socket.c |
167 |
index 12cf020..faee20c 100644 |
168 |
--- a/src/ne_socket.c |
169 |
+++ b/src/ne_socket.c |
170 |
@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret) |
171 |
_("SSL alert received: %s"), |
172 |
gnutls_alert_get_name(gnutls_alert_get(sock->ssl))); |
173 |
break; |
174 |
+#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99) |
175 |
+ case GNUTLS_E_PREMATURE_TERMINATION: |
176 |
+#else |
177 |
case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: |
178 |
- /* It's not exactly an API guarantee but this error will |
179 |
- * always mean a premature EOF. */ |
180 |
+#endif |
181 |
ret = NE_SOCK_TRUNC; |
182 |
set_error(sock, _("Secure connection truncated")); |
183 |
break; |
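Review bot: The version arithmetic in `#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)` could be replaced by a test on the symbol itself, `#ifdef GNUTLS_E_PREMATURE_TERMINATION`, since the GnuTLS error codes are preprocessor macros; that removes the guess about which release introduced the code. The patch also deletes the only comment explaining why this case maps to `NE_SOCK_TRUNC`. A replacement such as `/* Peer closed the transport without a TLS closure alert: report truncation. */` would record that this case is presumably how callers tell a cut-off stream from a clean end of data. On the new branch `GNUTLS_E_UNEXPECTED_PACKET_LENGTH` no longer reaches this case and is handled by whatever the rest of the switch does, which is outside the hunk.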
184 |
@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx) |
185 |
NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n"); |
186 |
} |
187 |
#elif defined(HAVE_GNUTLS) |
188 |
+ unsigned int verify_status; |
189 |
+ |
190 |
gnutls_init(&ssl, GNUTLS_SERVER); |
191 |
gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); |
192 |
gnutls_set_default_priority(ssl); |
193 |
@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx) |
194 |
if (ret < 0) { |
195 |
return error_gnutls(sock, ret); |
196 |
} |
197 |
- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) { |
198 |
+ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) { |
199 |
set_error(sock, _("Client certificate verification failed")); |
200 |
return NE_SOCK_ERROR; |
201 |
} |
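Review bot: `verify_status` is declared without an initialiser in the preceding `ne_sock_accept_ssl` hunk and is safe to read in this condition only because `||` short-circuits when `gnutls_certificate_verify_peers2()` itself returns an error. Initialising it (`unsigned int verify_status = 0;`) makes that independent of operand order and lets the failure path record why the client certificate was rejected, e.g. `NE_DEBUG(NE_DBG_SSL, "ssl: Client cert verify status 0x%x.\n", verify_status);` before `set_error`. As written, every rejection reason collapses into the single "Client certificate verification failed" message, which makes refused connections hard to triage from logs. The function continues outside the hunk, so cleanup of `ssl` on this early return cannot be judged from here.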
202 |
-- |
203 |
1.7.12.3 |