author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2013-07-31 14:08:25 +0000 |
---|---|---|
committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2013-07-31 14:08:25 +0000 |
commit | a66cb5a509dd74d670ed23cd6bd71d79fd769796 (patch) | |
tree | 437110ce81b9069d793e61428380db54d96eab48 | |
parent | d74e8ea2f6d195a0360f2f797562d42168540fa4 (diff) | |
download | neon-a66cb5a509dd74d670ed23cd6bd71d79fd769796.tar.gz |
Omitted in previous commit:
* src/ne_socket.c: Support build with GnuTLS 3, patch by Bartosz
Brachaczek.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1916 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
-rw-r--r-- | src/ne_socket.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/ne_socket.c b/src/ne_socket.c
index a3058c8..72ec1c4 100644
--- a/src/ne_socket.c
+++ b/src/ne_socket.c
@@ -727,9 +727,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret)
 _("SSL alert received: %s"),
 gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
 break;
+#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
+ case GNUTLS_E_PREMATURE_TERMINATION:
+#else
 case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
- /* It's not exactly an API guarantee but this error will
- * always mean a premature EOF. */
+#endif
 ret = NE_SOCK_TRUNC;
 set_error(sock, _("Secure connection truncated"));
 break;
@@ -1708,6 +1710,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
 NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
 }
 #elif defined(HAVE_GNUTLS)
+ unsigned int verify_status;
+
 gnutls_init(&ssl, GNUTLS_SERVER);
 gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
 gnutls_set_default_priority(ssl);
@@ -1727,7 +1731,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
 if (ret < 0) {
 return error_gnutls(sock, ret);
 }
- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
+ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
 set_error(sock, _("Client certificate verification failed"));
 return NE_SOCK_ERROR;
 } |
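Review bot: The comment this hunk removes was the only explanation of why the error code is reported as a truncated connection, and the new `#if`/`#else` in error_gnutls() leaves the version split unexplained. I would put a comment above the `#if`, for example `/* GnuTLS >= 2.99 reports a premature EOF as GNUTLS_E_PREMATURE_TERMINATION; older releases signal it with GNUTLS_E_UNEXPECTED_PACKET_LENGTH. */`. NE_SOCK_TRUNC is presumably how callers tell a cut-off TLS stream from a clean close. The comment should therefore also say that with the newer library GNUTLS_E_UNEXPECTED_PACKET_LENGTH no longer maps to it and is handled by whichever case follows in the switch, which lies outside the hunk.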
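Review bot: The new condition in ne_sock_accept_ssl() folds two different failures into one expression: a non-zero return from `gnutls_certificate_verify_peers2()` (the check could not be carried out) and a non-zero `verify_status` (the check ran and rejected the certificate). The short-circuit `||` means `verify_status` is read only after the call returned zero, so the logic holds. The reason for the rejection is discarded, though, and someone investigating failed client authentication sees only the generic message. I would split the call from the test and report the library error or the status bits through `NE_DEBUG`, as sketched below. `verify_status` is the variable declared in the previous hunk, and the function body starts and ends outside both hunks.

```c
    /* … unchanged: handshake result check … */
    if (ctx->verify) {
        int vret = gnutls_certificate_verify_peers2(ssl, &verify_status);

        if (vret != 0) {
            /* The verification call itself failed; verify_status is not meaningful. */
            NE_DEBUG(NE_DBG_SSL, "ssl: Client verification error: %s\n",
                     gnutls_strerror(vret));
        } else if (verify_status != 0) {
            NE_DEBUG(NE_DBG_SSL, "ssl: Client certificate rejected, status 0x%x\n",
                     verify_status);
        }
        if (vret != 0 || verify_status != 0) {
            set_error(sock, _("Client certificate verification failed"));
            return NE_SOCK_ERROR;
        }
    }
```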