qnikst 12/11/28 11:17:14 |
|
Added: neon-0.29.6-gnutls-3-backport.patch |
Log: |
backporting patches for gnutls (#440936) |
|
(Portage version: 2.2.0_alpha142/cvs/Linux x86_64, unsigned Manifest commit) |
|
Revision Changes Path |
1.1 net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-backport.patch?rev=1.1&content-type=text/plain |
|
Index: neon-0.29.6-gnutls-3-backport.patch |
=================================================================== |
BUGZILLA-GENTOO: https://bugs.gentoo.org/show_bug.cgi?id=440936, |
BUGZILLA-GNUTLS: https://savannah.gnu.org/support/index.php?108189 |
|
This patch fixes a situation where subversion fails on some https sources |
due to incorrect handling of issuers in the neon library. |
|
Patch is backported from upstream. |
|
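diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index 5a5dca9..0eef990 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -1,6 +1,6 @@
 /*
 neon SSL/TLS support using GNU TLS
- Copyright (C) 2002-2010, Joe Orton <joe@×××××××××××.uk>
+ Copyright (C) 2002-2011, Joe Orton <joe@×××××××××××.uk>
 Copyright (C) 2004, Aleix Conchillo Flaque <aleix@××××××××××.org>
 
 This library is free software; you can redistribute it and/or
@@ -486,7 +486,7 @@ static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert,
 static gnutls_x509_crt x509_crt_copy(gnutls_x509_crt src)
 {
 int ret;
- size_t size;
+ size_t size = 0;
 gnutls_datum tmp;
 gnutls_x509_crt dest;
 
@@ -680,6 +680,11 @@ void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value)
 /* SSLv2 not supported. */
 }
 
+int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag)
+{
+ return 0;
+}
+
 void ne_ssl_context_destroy(ne_ssl_context *ctx)
 {
 gnutls_certificate_free_credentials(ctx->cred);
@@ -1128,6 +1133,21 @@ static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
 
 ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
 {
+ gnutls_datum datum;
+ ne_ssl_client_cert *cc;
+
+ if (read_to_datum(filename, &datum))
+ return NULL;
+
+ cc = ne_ssl_clicert_import(datum.data, datum.size);
+
+ ne_free(datum.data);
+
+ return cc;
+}
+
+ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen)
+{
 int ret;
 gnutls_datum data;
 gnutls_pkcs12_t p12;
@@ -1136,15 +1156,14 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
 gnutls_x509_crt cert = NULL;
 gnutls_x509_privkey pkey = NULL;
 
- if (read_to_datum(filename, &data))
- return NULL;
+ data.data = buffer;
+ data.size = buflen;
 
 if (gnutls_pkcs12_init(&p12) != 0) {
 return NULL;
 }
 
 ret = gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0);
- ne_free(data.data);
 if (ret < 0) {
 gnutls_pkcs12_deinit(p12);
 return NULL;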
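Review bot: In the new ne_ssl_clicert_import (last hunk of this section), `data.size = buflen;` narrows a size_t into gnutls_datum's unsigned int size field with no range check, and `data.data = buffer;` silently drops the const qualifier. A length above UINT_MAX would be truncated, so the PKCS#12 parser would see a different byte range than the caller supplied. Reject that case before the assignment with `if (buflen > UINT_MAX) return NULL;` (assuming <limits.h> is reachable from this file) and make the qualifier drop explicit with `data.data = (unsigned char *)buffer;`. Now that `ne_free(data.data)` is removed here, a one-line comment such as `/* buffer stays owned by the caller; it is only read during import */` would record the new ownership contract. The body of ne_ssl_clicert_import continues past the end of the hunk, so this covers only the visible lines.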
99 |
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c |
100 |
index 0eef990..2ed90c2 100644 |
101 |
--- a/src/ne_gnutls.c |
102 |
+++ b/src/ne_gnutls.c |
103 |
@@ -60,6 +60,9 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL; |
104 |
#include "ne_private.h" |
105 |
#include "ne_privssl.h" |
106 |
|
107 |
+ |
108 |
+ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen); |
109 |
+ |
110 |
#if LIBGNUTLS_VERSION_NUMBER >= 0x020302 |
111 |
/* The GnuTLS DN functions in 2.3.2 and later allow a simpler DN |
112 |
* abstraction to be used. */ |