
Fix verification of SSL certificates by calling gnutls verify callback (patch #7459)
gitlem authored and flashcode committed Mar 2, 2011
1 parent bf2f7d3 commit c265cad1c95b84abfd4e8d861f25926ef13b5d91
Showing with 219 additions and 169 deletions.
  1. +3 −1 ChangeLog
  2. +36 −2 src/core/wee-hook.c
  3. +3 −1 src/core/wee-hook.h
  4. +2 −0 src/core/wee-network.c
  5. +170 −164 src/plugins/irc/irc-server.c
  6. +5 −1 src/plugins/weechat-plugin.h
@@ -1,12 +1,14 @@
WeeChat ChangeLog
=================
Sébastien Helleu <flashcode@flashtux.org>
v0.3.5-dev, 2011-03-01
v0.3.5-dev, 2011-03-02


Version 0.3.5 (under dev!)
--------------------------

* core: fix verification of SSL certificates by calling gnutls verify callback
(patch #7459)
* core: remember scroll position for all buffers in windows (bug #25555)
* core: fix crash when using column filling in bars with some empty items
(bug #32565)
@@ -1700,7 +1700,40 @@ hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *ad
}

/*
* hook_connect_gnutls_set_certificates: set gnutls
* hook_connect_gnutls_verify_certificates: verify certificates
*/

#ifdef HAVE_GNUTLS
int
hook_connect_gnutls_verify_certificates (gnutls_session_t tls_session)
{
struct t_hook *ptr_hook;
int rc;

rc = -1;
ptr_hook = weechat_hooks[HOOK_TYPE_CONNECT];
while (ptr_hook)
{
/* looking for the right hook using to the gnutls session pointer */
if (!ptr_hook->deleted
&& HOOK_CONNECT(ptr_hook, gnutls_sess)
&& (*(HOOK_CONNECT(ptr_hook, gnutls_sess)) == tls_session))
{
rc = (int) (HOOK_CONNECT(ptr_hook, gnutls_cb))
(ptr_hook->callback_data, tls_session, NULL, 0,
NULL, 0, NULL,
WEECHAT_HOOK_CONNECT_GNUTLS_CB_VERIFY_CERT);
break;
}
ptr_hook = ptr_hook->next_hook;
}

return rc;
}
#endif

/*
* hook_connect_gnutls_set_certificates: set certificates
*/

#ifdef HAVE_GNUTLS
@@ -1725,7 +1758,8 @@ hook_connect_gnutls_set_certificates (gnutls_session_t tls_session,
{
rc = (int) (HOOK_CONNECT(ptr_hook, gnutls_cb))
(ptr_hook->callback_data, tls_session, req_ca, nreq,
pk_algos, pk_algos_len, answer);
pk_algos, pk_algos_len, answer,
WEECHAT_HOOK_CONNECT_GNUTLS_CB_SET_CERT);
break;
}
ptr_hook = ptr_hook->next_hook;
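Review bot: In hook_connect_gnutls_verify_certificates the match condition tests `gnutls_sess` but never `gnutls_cb` before calling through it, so a connect hook registered with a session and a NULL callback would be invoked through a null function pointer in the middle of the TLS handshake; whether hook_connect rejects that combination is not visible here. Adding `&& HOOK_CONNECT(ptr_hook, gnutls_cb)` to the condition leaves `rc` at -1 in that case, which fails the handshake closed instead of crashing. The same call pattern is used in the hook_connect_gnutls_set_certificates hunk, whose condition lies outside the visible lines. The header comment should also state the return contract, e.g. `returns the callback's result (0 lets the handshake continue, non-zero aborts it); -1 if no hook owns the session`, since the GnuTLS verify function treats any non-zero value as a rejection.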
@@ -205,7 +205,8 @@ typedef int (t_hook_callback_connect)(void *data, int status,
typedef int (gnutls_callback_t)(void *data, gnutls_session_t tls_session,
const gnutls_datum_t *req_ca, int nreq,
const gnutls_pk_algorithm_t *pk_algos,
int pk_algos_len, gnutls_retr_st *answer);
int pk_algos_len, gnutls_retr_st *answer,
int action);
#endif

struct t_hook_connect
@@ -411,6 +412,7 @@ extern struct t_hook *hook_connect (struct t_weechat_plugin *plugin,
t_hook_callback_connect *callback,
void *callback_data);
#ifdef HAVE_GNUTLS
extern int hook_connect_gnutls_verify_certificates (gnutls_session_t tls_session);
extern int hook_connect_gnutls_set_certificates (gnutls_session_t tls_session,
const gnutls_datum_t *req_ca, int nreq,
const gnutls_pk_algorithm_t *pk_algos,
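Review bot: The `gnutls_callback_t` typedef gains an `action` argument, but nothing documents which of the other arguments are valid for each action; in wee-hook.c the VERIFY_CERT call passes `NULL, 0, NULL, 0, NULL` for `req_ca`, `nreq`, `pk_algos`, `pk_algos_len` and `answer`. A callback that does not branch on `action` first could dereference a NULL `answer` during verification. I would add a comment above the typedef such as `/* action selects the request; for WEECHAT_HOOK_CONNECT_GNUTLS_CB_VERIFY_CERT only data and tls_session are set, so check action before using req_ca, pk_algos or answer */`. Callbacks built against the old signature without `action` are not call-compatible with this one; the matching change in weechat-plugin.h is not shown on this page.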
@@ -94,6 +94,8 @@ network_init ()
}
free (ca_path);
}
gnutls_certificate_set_verify_function (gnutls_xcred,
&hook_connect_gnutls_verify_certificates);
gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
&hook_connect_gnutls_set_certificates);
network_init_ok = 1;
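Review bot: The new call to gnutls_certificate_set_verify_function in network_init has no GnuTLS version check in the visible lines; as far as I know that function exists only from GnuTLS 2.10 on, so a build against an older library would fail here. If a guard such as `#if LIBGNUTLS_VERSION_NUMBER >= 0x020a00` is added, the older-library path must keep an explicit post-handshake verification, otherwise certificates would silently go unchecked on those builds. Since the callback is attached to the shared `gnutls_xcred`, a comment like `/* every session using gnutls_xcred is verified through its connect hook; a session without a matching hook is rejected */` would record the fail-closed behaviour. network_init begins and ends outside this hunk.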