From b3fcb394e5a4c927cb3e29aa9d351fa9f57c2d15 Mon Sep 17 00:00:00 2001
From: Lars-Dominik Braun
Date: Fri, 11 Nov 2011 18:49:46 +0100
Subject: waitress: Support GnuTLS <= 2.10.0
Both, 1.x and 2.x are now supported. See issue #182.
---
 src/libwaitress/waitress.c | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)
(limited to 'src/libwaitress/waitress.c')
diff --git a/src/libwaitress/waitress.c b/src/libwaitress/waitress.c
index 7082ffd..69c4d3a 100644
--- a/src/libwaitress/waitress.c
+++ b/src/libwaitress/waitress.c
@@ -687,14 +687,11 @@ static int WaitressParseStatusline (const char * const line) {
 /* verify server certificate */
-static int WaitressTlsVerify (gnutls_session_t session) {
- unsigned int status, certListSize;
+static int WaitressTlsVerify (const WaitressHandle_t *waith) {
+ gnutls_session_t session = waith->request.tlsSession;
+ unsigned int certListSize;
 const gnutls_datum_t *certList;
 gnutls_x509_crt_t cert;
- const WaitressHandle_t *waith;
-
- waith = gnutls_session_get_ptr (session);
- assert (waith != NULL);
 if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
 return GNUTLS_E_CERTIFICATE_ERROR;
@@ -807,6 +804,10 @@ static WaitressReturn_t WaitressConnect (WaitressHandle_t *waith) {
 if (gnutls_handshake (waith->request.tlsSession) != GNUTLS_E_SUCCESS) {
 return WAITRESS_RET_TLS_HANDSHAKE_ERR;
 }
+
+ if (WaitressTlsVerify (waith) != 0) {
+ return WAITRESS_RET_TLS_HANDSHAKE_ERR;
+ }
 }
 return WAITRESS_RET_OK;
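Review bot: The comment above WaitressTlsVerify still says only "verify server certificate", but the function is no longer a GnuTLS verify callback, so its contract is now the project's own and should be written down. Suggest `/* verify server certificate; call once gnutls_handshake has succeeded. Returns 0 if the certificate is accepted, a GNUTLS_E_* code otherwise */`; the 0-on-success part is inferred from the `!= 0` test in WaitressConnect and should be confirmed against the body, which continues outside this hunk. With `status` dropped from the declarations, the comment should also state which checks the function performs itself (chain validation, hostname, or a pinned fingerprint), since the visible lines do not show it.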
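Review bot: A certificate rejected by WaitressTlsVerify is reported with the same WAITRESS_RET_TLS_HANDSHAKE_ERR as a failed gnutls_handshake, so callers and logs cannot tell a rejected server certificate from a protocol-level failure. A separate return value for verification failure would let the user see a possible interception; at minimum the call deserves a comment such as `/* no verify callback is registered: this is the only certificate check and must precede any write */`. The test could also read `!= GNUTLS_E_SUCCESS` to match the handshake check above it, as the function returns GnuTLS codes on its visible error path. WaitressConnect starts and ends outside the hunk, so whether the session is torn down on this early return cannot be seen here.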
@@ -1020,12 +1021,10 @@ WaitressReturn_t WaitressFetchCall (WaitressHandle_t *waith) {
 if (waith->url.tls) {
 waith->request.read = WaitressGnutlsRead;
 waith->request.write = WaitressGnutlsWrite;
+
 gnutls_init (&waith->request.tlsSession, GNUTLS_CLIENT);
- const char *err;
- if (gnutls_priority_set_direct (waith->request.tlsSession,
- "PERFORMANCE", &err) != GNUTLS_E_SUCCESS) {
- return WAITRESS_RET_ERR;
- }
+ gnutls_set_default_priority (waith->request.tlsSession);
+
 gnutls_certificate_allocate_credentials (&waith->tlsCred);
 if (gnutls_credentials_set (waith->request.tlsSession,
 GNUTLS_CRD_CERTIFICATE,
@@ -1040,12 +1039,6 @@ WaitressReturn_t WaitressFetchCall (WaitressHandle_t *waith) {
 WaitressPollRead);
 gnutls_transport_set_push_function (waith->request.tlsSession, WaitressPollWrite);
-
- /* certificate verification function */
- gnutls_session_set_ptr (waith->request.tlsSession,
- (gnutls_transport_ptr_t) waith);
- gnutls_certificate_set_verify_function (waith->tlsCred,
- WaitressTlsVerify);
 }
 /* request */
--
cgit v1.2.3
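Review bot: The return value of `gnutls_set_default_priority` is ignored, whereas the `gnutls_priority_set_direct` call it replaces returned WAITRESS_RET_ERR on failure; `gnutls_init` and `gnutls_certificate_allocate_credentials` beside it are unchecked as well. A session whose priorities or credentials were not set up would only fail later, at the handshake, with a less specific error. Suggest keeping the check: `if (gnutls_set_default_priority (waith->request.tlsSession) != GNUTLS_E_SUCCESS) { return WAITRESS_RET_ERR; }`. WaitressFetchCall starts and ends outside the hunk, so whether such an early return would leak the session created by `gnutls_init` cannot be judged from here.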