--- loudmouth-1.4.3/loudmouth/lm-ssl-base.c 2008-10-29 14:45:10.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-base.c 2016-05-27 09:02:12.300545844 +0200
@@ -33,6 +33,7 @@
base->func_data = user_data;
base->data_notify = notify;
base->fingerprint[0] = '\0';
+ base->cipher_list = NULL;
if (expected_fingerprint) {
base->expected_fingerprint = g_memdup (expected_fingerprint, 16);
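Review bot: Only `cipher_list` is reset here; the new `ca_path` field added in lm-ssl-base.h is left untouched, yet `_lm_ssl_base_set_ca_path` in the next hunk does `if (base->ca_path) g_free (base->ca_path);` before assigning. Unless the LmSSLBase allocation is zero-filled (not visible in this patch), the first call to the setter would free an indeterminate pointer. Add `base->ca_path = NULL;` next to the `cipher_list` initialisation at the same spot. The `if (expected_fingerprint)` block continues past the end of this hunk.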
@@ -49,8 +50,27 @@
}
void
+_lm_ssl_base_set_cipher_list (LmSSLBase *base,
+ const gchar *cipher_list)
+{
+ if (base->cipher_list)
+ g_free (base->cipher_list);
+ base->cipher_list = g_strdup (cipher_list);
+}
+
+void
+_lm_ssl_base_set_ca_path (LmSSLBase *base,
+ const gchar *ca_path)
+{
+ if (base->ca_path)
+ g_free (base->ca_path);
+ base->ca_path = g_strdup (ca_path);
+}
+void
_lm_ssl_base_free_fields (LmSSLBase *base)
{
g_free (base->expected_fingerprint);
+ g_free (base->cipher_list);
+ g_free (base->ca_path);
}
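Review bot: The `if (base->cipher_list)` and `if (base->ca_path)` guards in the two new setters are redundant, since `g_free (NULL)` is a no-op; the bodies reduce to `g_free (base->cipher_list); base->cipher_list = g_strdup (cipher_list);` and the same for `ca_path`. The `_lm_ssl_base_set_ca_path` closing brace is immediately followed by the `void` of `_lm_ssl_base_free_fields` with no blank line between them, unlike the other functions in this file. Both setters accept a NULL argument, which `g_strdup` turns back into NULL, so they double as "unset" calls; a one-line comment stating that would save the reader checking g_strdup's behaviour.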
--- loudmouth-1.4.3/loudmouth/lm-ssl-base.h 2008-10-29 14:45:10.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-base.h 2016-05-27 09:02:12.300545844 +0200
@@ -30,6 +30,8 @@
LmSSLFunction func;
gpointer func_data;
GDestroyNotify data_notify;
+ gchar *cipher_list;
+ gchar *ca_path;
gchar *expected_fingerprint;
char fingerprint[20];
gboolean use_starttls;
@@ -44,6 +46,12 @@
gpointer user_data,
GDestroyNotify notify);
+void _lm_ssl_base_set_cipher_list (LmSSLBase *base,
+ const gchar *cipher_list);
+
+void _lm_ssl_base_set_ca_path (LmSSLBase *base,
+ const gchar *ca_path);
+
void _lm_ssl_base_free_fields (LmSSLBase *base);
#endif /* __LM_SSL_BASE_H__ */
--- loudmouth-1.4.3/loudmouth/lm-ssl-generic.c 2008-10-29 21:42:09.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-generic.c 2016-05-27 09:02:12.300545844 +0200
@@ -169,6 +168,29 @@
return ssl;
}
+void
+lm_ssl_set_cipher_list (LmSSL *ssl,
+ const gchar *cipher_list)
+{
+ _lm_ssl_base_set_cipher_list(LM_SSL_BASE(ssl), cipher_list);
+}
+
+/**
+ * lm_ssl_set_ca:
+ * @ssl: an #LmSSL
+ * @ca_path: path to a certificate or a directory containing certificates
+ *
+ * Sets a path to certificates which should be trusted.
+ *
+ **/
+
+void
+lm_ssl_set_ca (LmSSL *ssl, const gchar *ca_path)
+{
+ _lm_ssl_base_set_ca_path(LM_SSL_BASE(ssl), ca_path);
+}
+
+
/**
* lm_ssl_use_starttls:
* @ssl: an #LmSSL
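Review bot: `lm_ssl_set_cipher_list` is a new public API with no gtk-doc comment at all, and the comment written for `lm_ssl_set_ca` is separated from the function by a blank line, which gtk-doc does not associate with the declaration. Worth documenting in both is that the string format is backend-specific (the GnuTLS backend passes it straight to `gnutls_priority_set_direct`, the OpenSSL backend to `SSL_CTX_set_cipher_list`), that both settings only take effect when the connection is opened, and that on the GnuTLS backend a configured CA path replaces the system trust store rather than extending it. Suggested header for the first function: `/** lm_ssl_set_cipher_list: @ssl: an #LmSSL @cipher_list: backend-specific cipher/priority string, or %NULL for the default. Applied when the SSL session is started. **/`.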
Only in loudmouth-1.4.3/loudmouth: lm-ssl-generic.c.orig
--- loudmouth-1.4.3/loudmouth/lm-ssl-gnutls.c 2008-10-29 14:45:10.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-gnutls.c 2016-05-27 09:02:12.300545844 +0200
@@ -20,7 +20,12 @@
#include <config.h>
+#include <errno.h>
#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <dirent.h>
#include <glib.h>
#include "lm-debug.h"
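Review bot: `<unistd.h>` and `<dirent.h>` are included unconditionally here, whereas lm-ssl-openssl.c in this same patch keeps `<unistd.h>` inside `#ifndef G_OS_WIN32`; this is a mingw64 package, so the inconsistency is worth resolving one way or the other. As far as the visible hunks show, nothing in the new GnuTLS code uses anything from `<unistd.h>` (stat, opendir, readdir and closedir come from `<sys/stat.h>` and `<dirent.h>`), so it may simply be droppable.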
@@ -38,7 +42,7 @@
LmSSLBase base;
gnutls_session gnutls_session;
- gnutls_certificate_credentials gnutls_xcred;
+ gnutls_certificate_credentials_t gnutls_xcred;
gboolean started;
};
@@ -192,21 +196,93 @@
}
gboolean
+_lm_ssl_set_ca (LmSSL *ssl,
+ const gchar *ca_path)
+{
+ struct stat target;
+
+ if (stat (ca_path, &target) != 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "ca_path '%s': no such file or directory", ca_path);
+ return FALSE;
+ }
+
+ if (S_ISDIR (target.st_mode)) {
+ int success = 0;
+ int worked_at_least_once = 0;
+ DIR *dir;
+ struct dirent *entry;
+
+ if ((dir = opendir (ca_path)) == NULL) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "Couldn't open '%s': %s",
+ ca_path, strerror(errno));
+ return FALSE;
+ }
+
+ for (entry = readdir (dir); entry != NULL; entry = readdir (dir)) {
+ struct stat file;
+ gchar *path = g_build_path ("/", ca_path, entry->d_name, NULL);
+
+ if ((stat (path, &file) == 0) && S_ISREG (file.st_mode)) {
+ success = gnutls_certificate_set_x509_trust_file (
+ ssl->gnutls_xcred, path, GNUTLS_X509_FMT_PEM);
+ if (success > 0)
+ worked_at_least_once = 1;
+ if (success < 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "Loading of certificate '%s' failed: %s",
+ path, gnutls_strerror(success));
+ }
+ }
+ g_free (path);
+ }
+ closedir (dir);
+
+ if (!worked_at_least_once) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "No certificates in ca_path '%s'. Are they in PEM format?",
+ ca_path);
+ return FALSE;
+ }
+
+ } else if (S_ISREG (target.st_mode)) {
+ int success = 0;
+ success = gnutls_certificate_set_x509_trust_file (ssl->gnutls_xcred,
+ ca_path,
+ GNUTLS_X509_FMT_PEM);
+ if (success < 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "Loading of ca_path '%s' failed: %s",
+ ca_path, gnutls_strerror(success));
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+gboolean
_lm_ssl_begin (LmSSL *ssl, gint fd, const gchar *server, GError **error)
{
int ret;
+ LmSSLBase *base;
gboolean auth_ok = TRUE;
- const int cert_type_priority[] =
- { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
- const int compression_priority[] =
- { GNUTLS_COMP_DEFLATE, GNUTLS_COMP_NULL, 0 };
+ base = LM_SSL_BASE(ssl);
gnutls_init (&ssl->gnutls_session, GNUTLS_CLIENT);
- gnutls_set_default_priority (ssl->gnutls_session);
- gnutls_certificate_type_set_priority (ssl->gnutls_session,
- cert_type_priority);
- gnutls_compression_set_priority (ssl->gnutls_session,
- compression_priority);
+ if (base->cipher_list) {
+ gnutls_priority_set_direct (ssl->gnutls_session, base->cipher_list, NULL);
+ } else {
+ gnutls_priority_set_direct (ssl->gnutls_session, "NORMAL", NULL);
+ }
+ if (base->ca_path) {
+ _lm_ssl_set_ca(ssl, base->ca_path);
+ } else {
+ gnutls_certificate_set_x509_system_trust(ssl->gnutls_xcred);
+ }
+ if (base->ca_path) {
+ _lm_ssl_set_ca(ssl, base->ca_path);
+ }
gnutls_credentials_set (ssl->gnutls_session,
GNUTLS_CRD_CERTIFICATE,
ssl->gnutls_xcred);
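Review bot: `_lm_ssl_set_ca` is called twice for the same path, once inside the if/else and again in the following `if (base->ca_path)` block, and its gboolean result is ignored both times, so when the CA file or directory fails to load the handshake continues with a credential structure holding no trust anchors (the system-trust call is only reached in the else branch). The `gnutls_priority_set_direct` and `gnutls_certificate_set_x509_system_trust` results are likewise unchecked, so a mistyped priority string leaves the session without a priority and the failure only surfaces later. Each of these should be checked once and turned into a `g_set_error` plus `return FALSE`, mirroring the error convention this function already uses for the handshake; a rewrite of that section is below. `gnutls_certificate_set_x509_system_trust` is a GnuTLS 3.x API, so the build's minimum GnuTLS version may need adjusting, which is outside this patch. `_lm_ssl_begin` continues past the end of the hunk.
```c
gboolean
_lm_ssl_begin (LmSSL *ssl, gint fd, const gchar *server, GError **error)
{
    /* … unchanged: declarations, base = LM_SSL_BASE(ssl), gnutls_init … */
    const char *priority = base->cipher_list ? base->cipher_list : "NORMAL";

    if (gnutls_priority_set_direct (ssl->gnutls_session, priority, NULL) < 0) {
        g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN,
                     "Invalid cipher list '%s'", priority);
        gnutls_deinit (ssl->gnutls_session);
        return FALSE;
    }
    if (base->ca_path) {
        if (!_lm_ssl_set_ca (ssl, base->ca_path)) {
            g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN,
                         "Could not load CA certificates from '%s'", base->ca_path);
            gnutls_deinit (ssl->gnutls_session);
            return FALSE;
        }
    } else if (gnutls_certificate_set_x509_system_trust (ssl->gnutls_xcred) < 0) {
        g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN,
                     "Could not load the system CA certificates");
        gnutls_deinit (ssl->gnutls_session);
        return FALSE;
    }
    /* … unchanged: gnutls_credentials_set and the rest of the handshake … */
```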
@@ -237,6 +313,10 @@
return FALSE;
}
+ lm_verbose ("GNUTLS negotiated cipher suite: %s",
+ gnutls_cipher_suite_get_name(gnutls_kx_get(ssl->gnutls_session),
+ gnutls_cipher_get(ssl->gnutls_session),
+ gnutls_mac_get(ssl->gnutls_session)));
lm_verbose ("GNUTLS negotiated compression: %s",
gnutls_compression_get_name (gnutls_compression_get
(ssl->gnutls_session)));
Only in loudmouth-1.4.3/loudmouth: lm-ssl-gnutls.c.orig
--- loudmouth-1.4.3/loudmouth/lm-ssl.h 2008-10-29 21:43:19.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl.h 2016-05-27 09:02:12.300545844 +0200
@@ -63,6 +63,12 @@
gboolean lm_ssl_is_supported (void);
+void lm_ssl_set_cipher_list (LmSSL *ssl,
+ const gchar *cipher_list);
+
+void lm_ssl_set_ca (LmSSL *ssl,
+ const gchar *ca_path);
+
const gchar * lm_ssl_get_fingerprint (LmSSL *ssl);
void lm_ssl_use_starttls (LmSSL *ssl,
Only in loudmouth-1.4.3/loudmouth: lm-ssl.h.orig
--- loudmouth-1.4.3/loudmouth/lm-ssl-internals.h 2008-10-29 14:19:24.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-internals.h 2016-05-27 09:02:12.300545844 +0200
@@ -32,6 +32,8 @@
GDestroyNotify notify);
void _lm_ssl_initialize (LmSSL *ssl);
+gboolean _lm_ssl_set_ca (LmSSL *ssl,
+ const gchar *ca_path);
gboolean _lm_ssl_begin (LmSSL *ssl,
gint fd,
const gchar *server,
--- loudmouth-1.4.3/loudmouth/lm-ssl-openssl.c 2008-10-29 17:29:51.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/lm-ssl-openssl.c 2016-05-27 09:02:12.300545844 +0200
@@ -23,6 +23,8 @@
#include <stdio.h>
#include <string.h>
#include <glib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#ifndef G_OS_WIN32
#include <unistd.h>
#endif
@@ -316,11 +318,42 @@
}
gboolean
+_lm_ssl_set_ca (LmSSL *ssl,
+ const gchar *ca_path)
+{
+ struct stat target;
+ int success = 0;
+
+ if (stat (ca_path, &target) != 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "ca_path '%s': no such file or directory", ca_path);
+ return FALSE;
+ }
+
+ if (S_ISDIR (target.st_mode)) {
+ success = SSL_CTX_load_verify_locations(ssl->ssl_ctx, NULL, ca_path);
+ } else if (S_ISREG (target.st_mode)) {
+ success = SSL_CTX_load_verify_locations(ssl->ssl_ctx, ca_path, NULL);
+ }
+ if (success == 0) {
+ g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL,
+ "Loading of ca_path '%s' failed: %s",
+ ca_path,
+ ERR_error_string(ERR_peek_last_error(), NULL));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+gboolean
_lm_ssl_begin (LmSSL *ssl, gint fd, const gchar *server, GError **error)
{
gint ssl_ret;
GIOStatus status;
+ LmSSLBase *base;
+ base = LM_SSL_BASE(ssl);
if (!ssl->ssl_ctx) {
g_set_error (error,
LM_ERROR, LM_ERROR_CONNECTION_OPEN,
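Review bot: When `ca_path` is neither a directory nor a regular file (a FIFO, socket or device, since `stat` follows symlinks), neither branch of `_lm_ssl_set_ca` runs, `success` stays 0, and the function reports the failure with `ERR_peek_last_error()`, which at that point is whatever an earlier call left on the thread's OpenSSL error queue, not anything caused here. Add an explicit branch, `} else { g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL, "ca_path '%s' is neither a file nor a directory", ca_path); return FALSE; }`, before the `success == 0` check. `ERR_error_string (…, NULL)` also writes into a static buffer; `ERR_error_string_n` with a local `char buf[256]` avoids that. The `_lm_ssl_begin` that starts at the end of this hunk continues into the next one.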
@@ -328,6 +361,13 @@
return FALSE;
}
+ if (base->cipher_list) {
+ SSL_CTX_set_cipher_list(ssl->ssl_ctx, base->cipher_list);
+ }
+ if (base->ca_path) {
+ _lm_ssl_set_ca (ssl, base->ca_path);
+ }
+
ssl->ssl = SSL_new(ssl->ssl_ctx);
if (ssl->ssl == NULL) {
g_warning ("SSL_new() == NULL");
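Review bot: Both new calls discard their result: `SSL_CTX_set_cipher_list` returns 0 when no cipher in the list could be selected, and `_lm_ssl_set_ca` returns FALSE when the trust store could not be loaded, yet the function carries on to `SSL_new` either way, so a bad configuration degrades silently instead of failing the connection. Check them and use the `g_set_error` / `return FALSE` pattern already present a few lines above in this function; the rewritten lines are below. Note also that, unlike the GnuTLS hunk, this backend loads no system trust when `ca_path` is unset; whether `SSL_CTX_set_default_verify_paths` is called elsewhere is not visible in the patch.
```c
    if (base->cipher_list &&
        SSL_CTX_set_cipher_list (ssl->ssl_ctx, base->cipher_list) != 1) {
        g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN,
                     "Invalid cipher list '%s'", base->cipher_list);
        return FALSE;
    }
    if (base->ca_path && !_lm_ssl_set_ca (ssl, base->ca_path)) {
        g_set_error (error, LM_ERROR, LM_ERROR_CONNECTION_OPEN,
                     "Could not load CA certificates from '%s'", base->ca_path);
        return FALSE;
    }
    /* … unchanged: SSL_new and the rest of the handshake … */
```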
Only in loudmouth-1.4.3/loudmouth: lm-ssl-openssl.c.orig
--- loudmouth-1.4.3/loudmouth/loudmouth.sym 2008-10-29 14:45:10.000000000 +0100
+++ loudmouth-1.4.3/loudmouth/loudmouth.sym 2016-05-27 09:02:12.304545756 +0200
@@ -82,6 +82,8 @@
lm_ssl_new
lm_ssl_ref
lm_ssl_unref
+lm_ssl_set_ca
+lm_ssl_set_cipher_list
lm_ssl_use_starttls
lm_utils_get_localtime
lm_sha_hash
Only in loudmouth-1.4.3/loudmouth: loudmouth.sym.orig