From a66cb5a509dd74d670ed23cd6bd71d79fd769796 Mon Sep 17 00:00:00 2001
From: joe
Date: Wed, 31 Jul 2013 14:08:25 +0000
Subject: Omitted in previous commit: * src/ne_socket.c: Support build with GnuTLS 3, patch by Bartosz Brachaczek.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1916 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
---
 src/ne_socket.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/ne_socket.c b/src/ne_socket.c
index a3058c8..72ec1c4 100644
--- a/src/ne_socket.c
+++ b/src/ne_socket.c
@@ -727,9 +727,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret)
 _("SSL alert received: %s"),
 gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
 break;
+#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
+ case GNUTLS_E_PREMATURE_TERMINATION:
+#else
 case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
- /* It's not exactly an API guarantee but this error will
- * always mean a premature EOF. */
+#endif
 ret = NE_SOCK_TRUNC;
 set_error(sock, _("Secure connection truncated"));
 break;
@@ -1708,6 +1710,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
 NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
 }
 #elif defined(HAVE_GNUTLS)
+ unsigned int verify_status;
+
 gnutls_init(&ssl, GNUTLS_SERVER);
 gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
 gnutls_set_default_priority(ssl);
@@ -1727,7 +1731,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
 if (ret < 0) {
 return error_gnutls(sock, ret);
 }
- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
+ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
 set_error(sock, _("Client certificate verification failed"));
 return NE_SOCK_ERROR;
 }
-- 
cgit v1.2.1
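Review bot: The reason this arm maps to NE_SOCK_TRUNC is lost with the removed comment, and the new `#if` in error_gnutls() does not say why 2.99 is the cut-off, so a later reader cannot tell why the two builds detect truncation through different error codes. I would keep a comment in each branch: `/* GnuTLS 3 reports a premature EOF with a dedicated error code. */` above the first `case`, and the original "not exactly an API guarantee" remark retained above the `#else` case. On GnuTLS 3 builds GNUTLS_E_UNEXPECTED_PACKET_LENGTH no longer reaches this arm and is handled by the rest of the switch, which lies outside the hunk. That looks intended, but it is worth confirming, since this arm is what separates a truncated TLS stream from other failures.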
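Review bot: The failure branch of the new `gnutls_certificate_verify_peers2()` check in ne_sock_accept_ssl() discards both the call's return code and `verify_status`. All that is left is "Client certificate verification failed", whether the client certificate was rejected on a status bit or the call itself returned an error. I would store the return value in the existing `ret` and log it through the debug channel already used in this function, e.g. `NE_DEBUG(NE_DBG_SSL, "ssl: Client verify failed: ret=%d status=0x%x.\n", ret, verify_status);`. That needs `unsigned int verify_status = 0;` at the declaration added in the previous hunk, because the status may be unset when the call fails. The condition itself rejects on either a non-zero return or any status bit, which is the right fail-closed behaviour; the function body starts and ends outside the hunk.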