From b3fcb394e5a4c927cb3e29aa9d351fa9f57c2d15 Mon Sep 17 00:00:00 2001
From: Lars-Dominik Braun <lars@6xq.net>
Date: Fri, 11 Nov 2011 18:49:46 +0100
Subject: waitress: Support GnuTLS <= 2.10.0

Both 1.x and 2.x are now supported. See issue #182.
---
 INSTALL                    |  2 +-
 src/libwaitress/waitress.c | 27 ++++++++++-----------------
 2 files changed, 11 insertions(+), 18 deletions(-)

diff --git a/INSTALL b/INSTALL
index d8e7b58..cbb0dfc 100644
--- a/INSTALL
+++ b/INSTALL
@@ -7,7 +7,7 @@ Dependencies
 - gmake
 - pthreads
 - libao
-- gnutls >= 2.10.0
+- gnutls
 - libfaad2 and/or libmad
 - UTF-8 console/locale
 
diff --git a/src/libwaitress/waitress.c b/src/libwaitress/waitress.c
index 7082ffd..69c4d3a 100644
--- a/src/libwaitress/waitress.c
+++ b/src/libwaitress/waitress.c
@@ -687,14 +687,11 @@ static int WaitressParseStatusline (const char * const line) {
 
 /*	verify server certificate
  */
-static int WaitressTlsVerify (gnutls_session_t session) {
-	unsigned int status, certListSize;
+static int WaitressTlsVerify (const WaitressHandle_t *waith) {
+	gnutls_session_t session = waith->request.tlsSession;
+	unsigned int certListSize;
 	const gnutls_datum_t *certList;
 	gnutls_x509_crt_t cert;
-	const WaitressHandle_t *waith;
-
-	waith = gnutls_session_get_ptr (session);
-	assert (waith != NULL);
 
 	if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
 		return GNUTLS_E_CERTIFICATE_ERROR;
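Review bot: The header comment above `WaitressTlsVerify` still reads only "verify server certificate", but the function is no longer a callback that GnuTLS invokes by itself, so certificate checking now depends on every caller remembering to call it. I would extend the comment to state the contract, for example `/* verify server certificate; must be called by the caller after every successful gnutls_handshake(), returns 0 if the peer is accepted and a GnuTLS error code otherwise */`. The return convention is inferred from the visible `GNUTLS_E_CERTIFICATE_ERROR` return and the `!= 0` test in WaitressConnect, and the rest of the body lies outside this hunk, so confirm it against the full function. The dropped `assert (waith != NULL)` is acceptable only as long as all callers pass a handle they have already dereferenced, as WaitressConnect does.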
@@ -807,6 +804,10 @@ static WaitressReturn_t WaitressConnect (WaitressHandle_t *waith) {
 		if (gnutls_handshake (waith->request.tlsSession) != GNUTLS_E_SUCCESS) {
 			return WAITRESS_RET_TLS_HANDSHAKE_ERR;
 		}
+
+		if (WaitressTlsVerify (waith) != 0) {
+			return WAITRESS_RET_TLS_HANDSHAKE_ERR;
+		}
 	}
 
 	return WAITRESS_RET_OK;
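Review bot: A rejected server certificate is reported with the same `WAITRESS_RET_TLS_HANDSHAKE_ERR` as a failed handshake, so callers and logs cannot tell a transport problem from a peer that presented the wrong certificate. A dedicated return code for the verification failure would make that case visible to the user and to anyone triaging connection errors. At minimum I would add a comment on the new branch such as `/* peer certificate rejected; nothing has been sent over the session yet */`. Whether the TLS session is torn down on this early return is decided outside the hunk and is worth checking, since the function body starts and ends beyond the lines shown.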
@@ -1020,12 +1021,10 @@ WaitressReturn_t WaitressFetchCall (WaitressHandle_t *waith) {
 	if (waith->url.tls) {
 		waith->request.read = WaitressGnutlsRead;
 		waith->request.write = WaitressGnutlsWrite;
+
 		gnutls_init (&waith->request.tlsSession, GNUTLS_CLIENT);
-		const char *err;
-		if (gnutls_priority_set_direct (waith->request.tlsSession,
-				"PERFORMANCE", &err) != GNUTLS_E_SUCCESS) {
-			return WAITRESS_RET_ERR;
-		}
+		gnutls_set_default_priority (waith->request.tlsSession);
+
 		gnutls_certificate_allocate_credentials (&waith->tlsCred);
 		if (gnutls_credentials_set (waith->request.tlsSession,
 				GNUTLS_CRD_CERTIFICATE,
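Review bot: The result of `gnutls_set_default_priority` is discarded, whereas the code it replaces returned `WAITRESS_RET_ERR` when setting the priority failed; `gnutls_init` on the line above is unchecked as well. Keeping the check costs little: `if (gnutls_set_default_priority (waith->request.tlsSession) != GNUTLS_E_SUCCESS) { return WAITRESS_RET_ERR; }`. Since the INSTALL change drops the minimum GnuTLS version, the protocol and cipher selection is now whatever the installed library considers its default, which on old 1.x builds may be weaker than on 2.x; a short comment saying this is intentional would help the next reader. The surrounding function continues outside this hunk.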
@@ -1040,12 +1039,6 @@ WaitressReturn_t WaitressFetchCall (WaitressHandle_t *waith) {
 				WaitressPollRead);
 		gnutls_transport_set_push_function (waith->request.tlsSession,
 				WaitressPollWrite);
-
-		/* certificate verification function */
-		gnutls_session_set_ptr (waith->request.tlsSession,
-				(gnutls_transport_ptr_t) waith);
-		gnutls_certificate_set_verify_function (waith->tlsCred,
-				WaitressTlsVerify);
 	}
 
 	/* request */
-- 
cgit v1.2.3