Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch')
-rw-r--r--net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch120
1 files changed, 120 insertions, 0 deletions
diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
new file mode 100644
index 000000000000..77fe9320228d
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
@@ -0,0 +1,120 @@
+From d7516e56dc854308349419b81904e9a61751cde4 Mon Sep 17 00:00:00 2001
+From: Alexander V Vershilov <alexander.vershilov@gmail.com>
+Date: Thu, 1 Nov 2012 11:44:10 +0400
+Subject: [PATCH 1/2] neon gnutls-3 fixes
+
+---
+ macros/neon.m4 | 9 ++++++++-
+ src/ne_gnutls.c | 13 +++++++++++--
+ src/ne_socket.c | 10 +++++++---
+ 3 files changed, 26 insertions(+), 6 deletions(-)
+
+diff --git a/macros/neon.m4 b/macros/neon.m4
+index 32111c7..40f1d71 100644
+--- a/macros/neon.m4
++++ b/macros/neon.m4
+@@ -982,13 +982,20 @@ gnutls)
+ # Check for functions in later releases
+ NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
+ gnutls_sign_callback_set \
++ gnutls_certificate_get_issuer \
+ gnutls_certificate_get_x509_cas \
+- gnutls_certificate_verify_peers2])
++ gnutls_certificate_verify_peers2 \
++ gnutls_x509_crt_sign2])
+
+ # fail if gnutls_certificate_verify_peers2 is not found
+ if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then
+ AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required])
+ fi
++
++ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
++ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
++ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
++ fi
+
+ # Check for iconv support if using the new RDN access functions:
+ if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index eec5655..d50c6ce 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx)
+ ne_free(ctx);
+ }
+
+-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
+ /* Return the issuer of the given certificate, or NULL if none can be
+ * found. */
+ static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
+@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock,
+ }
+ }
+
+-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
+ /* GnuTLS only returns the peers which were *sent* by the server
+ * in the Certificate list during the handshake. Fill in the
+ * complete chain manually against the certs we trust: */
+ if (current->issuer == NULL) {
+ gnutls_x509_crt issuer;
++
++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
+ gnutls_x509_crt *ca_list;
+ unsigned int num_cas;
+
+ gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
++#endif
+
+ do {
+ /* Look up the issuer. */
++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
+ issuer = find_issuer(ca_list, num_cas, current->subject);
++#else
++ if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0))
++ issuer = NULL;
++#endif
++
+ if (issuer) {
+ issuer = x509_crt_copy(issuer);
+ cert = populate_cert(ne_calloc(sizeof *cert), issuer);
+diff --git a/src/ne_socket.c b/src/ne_socket.c
+index 12cf020..faee20c 100644
+--- a/src/ne_socket.c
++++ b/src/ne_socket.c
+@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret)
+ _("SSL alert received: %s"),
+ gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
+ break;
++#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
++ case GNUTLS_E_PREMATURE_TERMINATION:
++#else
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+- /* It's not exactly an API guarantee but this error will
+- * always mean a premature EOF. */
++#endif
+ ret = NE_SOCK_TRUNC;
+ set_error(sock, _("Secure connection truncated"));
+ break;
+@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
+ NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
+ }
+ #elif defined(HAVE_GNUTLS)
++ unsigned int verify_status;
++
+ gnutls_init(&ssl, GNUTLS_SERVER);
+ gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
+ gnutls_set_default_priority(ssl);
+@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
+ if (ret < 0) {
+ return error_gnutls(sock, ret);
+ }
+- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
++ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
+ set_error(sock, _("Client certificate verification failed"));
+ return NE_SOCK_ERROR;
+ }
+--
+1.7.12.3
+