authorAndreas Metzler <ametzler@debian.org>2014-12-03 12:07:40 +0000
committerTom Hacohen <tom@stosb.com>2014-12-03 12:11:05 +0000
commitecfcb59c44a9bc7dd2ce95493806f6ac107c0d46 (patch)
tree18f5d287b113fc5d751457add6795afc7cbefe96
parent0889fde94b9e91a70e18cabb2be3576b0a6ce099 (diff)
ecore con: Fix GnuTLS build error.
Make the respective changes on the GnuTLS side for upstream commits d9b5f192d4883193f79cd3e43ed1da52521825dc and d72f809fb874c8f14b1461949802905d41d648a1, which only took care of OpenSSL. @fix
-rw-r--r--src/lib/ecore_con/ecore_con_ssl.c78
1 files changed, 46 insertions, 32 deletions
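--- a/src/lib/ecore_con/ecore_con_ssl.c
+++ b/src/lib/ecore_con/ecore_con_ssl.c
@@ -885,9 +885,10 @@ _ecore_con_ssl_shutdown_gnutls(void)
 }
 
 static Ecore_Con_Ssl_Error
-_ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *svr,
+_ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *obj,
                                      int ssl_type)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    int ret;
 
    if (ssl_type & ECORE_CON_USE_SSL2)
@@ -938,13 +939,14 @@ _ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *svr,
 
 error:
    _gnutls_print_errors(svr, ECORE_CON_EVENT_SERVER_ERROR, ret);
-   _ecore_con_ssl_server_shutdown_gnutls(svr);
+   _ecore_con_ssl_server_shutdown_gnutls(obj);
    return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
 }
 
 static Ecore_Con_Ssl_Error
-_ecore_con_ssl_server_init_gnutls(Ecore_Con_Server *svr)
+_ecore_con_ssl_server_init_gnutls(Ecore_Con_Server *obj)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    const gnutls_datum_t *cert_list;
    unsigned int iter, cert_list_size;
    gnutls_x509_crt_t cert = NULL;
@@ -1073,14 +1075,15 @@ error:
      }
    if (cert)
      gnutls_x509_crt_deinit(cert);
-   _ecore_con_ssl_server_shutdown_gnutls(svr);
+   _ecore_con_ssl_server_shutdown_gnutls(obj);
    return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
 }
 
 static Eina_Bool
-_ecore_con_ssl_server_cafile_add_gnutls(Ecore_Con_Server *svr,
+_ecore_con_ssl_server_cafile_add_gnutls(Ecore_Con_Server *obj,
                                         const char *ca_file)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    struct stat st;
    Eina_Iterator *it;
    const char *file;
@@ -1113,9 +1116,10 @@ error:
 }
 
 static Eina_Bool
-_ecore_con_ssl_server_crl_add_gnutls(Ecore_Con_Server *svr,
+_ecore_con_ssl_server_crl_add_gnutls(Ecore_Con_Server *obj,
                                      const char *crl_file)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    SSL_ERROR_CHECK_GOTO_ERROR(gnutls_certificate_set_x509_crl_file(svr->cert, crl_file,
                                                                    GNUTLS_X509_FMT_PEM) < 1);
 
@@ -1126,9 +1130,10 @@ error:
 }
 
 static Eina_Bool
-_ecore_con_ssl_server_privkey_add_gnutls(Ecore_Con_Server *svr,
+_ecore_con_ssl_server_privkey_add_gnutls(Ecore_Con_Server *obj,
                                          const char *key_file)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    SSL_ERROR_CHECK_GOTO_ERROR(gnutls_certificate_set_x509_key_file(svr->cert, svr->cert_file, key_file,
                                                                    GNUTLS_X509_FMT_PEM));
 
@@ -1139,9 +1144,10 @@ error:
 }
 
 static Eina_Bool
-_ecore_con_ssl_server_cert_add_gnutls(Ecore_Con_Server *svr,
+_ecore_con_ssl_server_cert_add_gnutls(Ecore_Con_Server *obj,
                                       const char *cert_file)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    if (!(svr->cert_file = strdup(cert_file)))
      return EINA_FALSE;
 
@@ -1149,8 +1155,9 @@ _ecore_con_ssl_server_cert_add_gnutls(Ecore_Con_Server *svr,
 }
 
 static Ecore_Con_Ssl_Error
-_ecore_con_ssl_server_shutdown_gnutls(Ecore_Con_Server *svr)
+_ecore_con_ssl_server_shutdown_gnutls(Ecore_Con_Server *obj)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    if (svr->session)
      {
         gnutls_bye(svr->session, GNUTLS_SHUT_RDWR);
@@ -1195,16 +1202,17 @@ _ecore_con_ssl_server_shutdown_gnutls(Ecore_Con_Server *svr)
 }
 
 static int
-_ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr,
+_ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *obj,
                                   unsigned char *buf,
                                   int size)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    int num;
 
    if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
      {
         DBG("Continuing gnutls handshake");
-        if (!_ecore_con_ssl_server_init_gnutls(svr))
+        if (!_ecore_con_ssl_server_init_gnutls(obj))
           return 0;
         return -1;
      }
@@ -1220,7 +1228,7 @@ _ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr,
 
         svr->handshaking = EINA_TRUE;
         svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
-        if (!_ecore_con_ssl_server_init_gnutls(svr))
+        if (!_ecore_con_ssl_server_init_gnutls(obj))
           return 0;
      }
    else if ((!gnutls_error_is_fatal(num)) && (num != GNUTLS_E_SUCCESS))
@@ -1230,16 +1238,17 @@ _ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr,
 }
 
 static int
-_ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr,
+_ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *obj,
                                    const unsigned char *buf,
                                    int size)
 {
+   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
    int num;
 
    if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
      {
         DBG("Continuing gnutls handshake");
-        if (!_ecore_con_ssl_server_init_gnutls(svr))
+        if (!_ecore_con_ssl_server_init_gnutls(obj))
           return 0;
         return -1;
      }
@@ -1255,7 +1264,7 @@ _ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr,
 /* this is only partly functional I think? */
         svr->handshaking = EINA_TRUE;
         svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
-        if (!_ecore_con_ssl_server_init_gnutls(svr))
+        if (!_ecore_con_ssl_server_init_gnutls(obj))
           return 0;
      }
    else if (!gnutls_error_is_fatal(num))
@@ -1265,8 +1274,10 @@ _ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr,
 }
 
 static Ecore_Con_Ssl_Error
-_ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *cl)
+_ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *obj)
 {
+   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
+   Ecore_Con_Server_Data *host_server = eo_data_scope_get(cl->host_server, ECORE_CON_SERVER_CLASS);
    const gnutls_datum_t *cert_list;
    unsigned int iter, cert_list_size;
    const char *priority = "NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT";
@@ -1278,10 +1289,10 @@ _ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *cl)
         return ECORE_CON_SSL_ERROR_NONE;
 
       case ECORE_CON_SSL_STATE_INIT:
-        if (cl->host_server->type & ECORE_CON_USE_SSL2) /* not supported because of security issues */
+        if (host_server->type & ECORE_CON_USE_SSL2) /* not supported because of security issues */
           return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
 
-        switch (cl->host_server->type & ECORE_CON_SSL)
+        switch (host_server->type & ECORE_CON_SSL)
           {
            case ECORE_CON_USE_SSL3:
            case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
@@ -1309,10 +1320,10 @@ _ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *cl)
         INF("Applying priority string: %s", priority);
         SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_priority_set_direct(cl->session, priority, NULL));
         gnutls_handshake_set_private_extensions(cl->session, 1);
-        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_CERTIFICATE, cl->host_server->cert));
-        // SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_PSK, cl->host_server->pskcred_s));
-        if (!cl->host_server->use_cert)
-          SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_ANON, cl->host_server->anoncred_s));
+        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_CERTIFICATE, host_server->cert));
+        // SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_PSK, host_server->pskcred_s));
+        if (!host_server->use_cert)
+          SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_ANON, host_server->anoncred_s));
 
         gnutls_certificate_server_set_request(cl->session, GNUTLS_CERT_REQUEST);
 
@@ -1348,7 +1359,7 @@ _ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *cl)
              break;
           }
 
-   if (!cl->host_server->verify)
+   if (!host_server->verify)
      /* not verifying certificates, so we're done! */
      return ECORE_CON_SSL_ERROR_NONE;
    /* use CRL/CA lists to verify */
@@ -1381,7 +1392,7 @@ _ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *cl)
    SSL_ERROR_CHECK_GOTO_ERROR(gnutls_x509_crt_init(&cert));
    SSL_ERROR_CHECK_GOTO_ERROR(gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER));
 
-   SSL_ERROR_CHECK_GOTO_ERROR(!gnutls_x509_crt_check_hostname(cert, cl->host_server->name));
+   SSL_ERROR_CHECK_GOTO_ERROR(!gnutls_x509_crt_check_hostname(cert, host_server->name));
    gnutls_x509_crt_deinit(cert);
    */
    DBG("SSL certificate verification succeeded!");
@@ -1400,13 +1411,14 @@ error:
    if (cert)
      gnutls_x509_crt_deinit(cert);
    */
-   _ecore_con_ssl_client_shutdown_gnutls(cl);
+   _ecore_con_ssl_client_shutdown_gnutls(obj);
    return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
 }
 
 static Ecore_Con_Ssl_Error
-_ecore_con_ssl_client_shutdown_gnutls(Ecore_Con_Client *cl)
+_ecore_con_ssl_client_shutdown_gnutls(Ecore_Con_Client *obj)
 {
+   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
    if (cl->session)
      {
         gnutls_bye(cl->session, GNUTLS_SHUT_RDWR);
@@ -1421,15 +1433,16 @@ _ecore_con_ssl_client_shutdown_gnutls(Ecore_Con_Client *cl)
 }
 
 static int
-_ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *cl,
+_ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *obj,
                                   unsigned char *buf,
                                   int size)
 {
+   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
    int num;
 
    if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
      {
-        if (!_ecore_con_ssl_client_init_gnutls(cl))
+        if (!_ecore_con_ssl_client_init_gnutls(obj))
           return 0;
         return -1;
      }
@@ -1444,7 +1457,7 @@ _ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *cl,
           return 0;
         cl->handshaking = EINA_TRUE;
         cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
-        if (!_ecore_con_ssl_client_init_gnutls(cl))
+        if (!_ecore_con_ssl_client_init_gnutls(obj))
           return 0;
         WRN("Rehandshake request ignored");
         return 0;
@@ -1456,15 +1469,16 @@ _ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *cl,
 }
 
 static int
-_ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *cl,
+_ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *obj,
                                    const unsigned char *buf,
                                    int size)
 {
+   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
    int num;
 
    if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
      {
-        if (!_ecore_con_ssl_client_init_gnutls(cl))
+        if (!_ecore_con_ssl_client_init_gnutls(obj))
           return 0;
         return -1;
      }
@@ -1479,7 +1493,7 @@ _ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *cl,
           return 0;
         cl->handshaking = EINA_TRUE;
         cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
-        if (!_ecore_con_ssl_client_init_gnutls(cl))
+        if (!_ecore_con_ssl_client_init_gnutls(obj))
           return 0;
      }
    else if (!gnutls_error_is_fatal(num))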
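Review bot: Every new `eo_data_scope_get()` result is dereferenced without a NULL check, and the `_ecore_con_ssl_client_init_gnutls` hunk (@@ -1265,8 +1274,10) makes this worst: `cl` is read in the initializer of `host_server` on the very next line, before the `switch` on `cl->ssl_state` can bail out. If `eo_data_scope_get` returns NULL when `obj` is not an instance of the requested class (as I believe it does, but that is inferred, not visible here), a wrong-class or destroyed object now faults inside the TLS setup path instead of being refused. Between the two declarations I would add `if (!cl) return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;`, and `_ecore_con_ssl_client_shutdown_gnutls` (@@ -1400,13) and `_ecore_con_ssl_server_shutdown_gnutls` (@@ -1149,8), which the error labels call with `obj`, deserve the same guard so a failed init cannot crash while cleaning up. The same pattern recurs in the prepare/init/cafile/crl/privkey/cert/read/write hunks; failing closed on a NULL data pointer is the right default for a TLS credential path.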