summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Vershilov <qnikst@gentoo.org>2012-11-01 15:52:28 +0000
committerAlexander Vershilov <qnikst@gentoo.org>2012-11-01 15:52:28 +0000
commit6af5d01863c2461f97cbc9e9791b3c31da600937 (patch)
treeb64d50c94d254ca5f656bc6c427cefef0c4a3f2c /net-libs/neon/files
parentfix gnutls-3 breakage #421441, thanks to Bartosz Brachaczek (diff)
downloadgentoo-2-6af5d01863c2461f97cbc9e9791b3c31da600937.tar.gz
gentoo-2-6af5d01863c2461f97cbc9e9791b3c31da600937.tar.bz2
gentoo-2-6af5d01863c2461f97cbc9e9791b3c31da600937.zip
fix gnutls-3 breakage #421441, thanks to Bartosz Brachaczek
(Portage version: 2.2.0_alpha142/cvs/Linux x86_64, unsigned Manifest commit)
Diffstat (limited to 'net-libs/neon/files')
-rw-r--r--net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch120
-rw-r--r--net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch57
2 files changed, 177 insertions, 0 deletions
diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
new file mode 100644
index 000000000000..77fe9320228d
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
@@ -0,0 +1,120 @@
+From d7516e56dc854308349419b81904e9a61751cde4 Mon Sep 17 00:00:00 2001
+From: Alexander V Vershilov <alexander.vershilov@gmail.com>
+Date: Thu, 1 Nov 2012 11:44:10 +0400
+Subject: [PATCH 1/2] neon gnutls-3 fixes
+
+---
+ macros/neon.m4 | 9 ++++++++-
+ src/ne_gnutls.c | 13 +++++++++++--
+ src/ne_socket.c | 10 +++++++---
+ 3 files changed, 26 insertions(+), 6 deletions(-)
+
+diff --git a/macros/neon.m4 b/macros/neon.m4
+index 32111c7..40f1d71 100644
+--- a/macros/neon.m4
++++ b/macros/neon.m4
+@@ -982,13 +982,20 @@ gnutls)
+ # Check for functions in later releases
+ NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
+ gnutls_sign_callback_set \
++ gnutls_certificate_get_issuer \
+ gnutls_certificate_get_x509_cas \
+- gnutls_certificate_verify_peers2])
++ gnutls_certificate_verify_peers2 \
++ gnutls_x509_crt_sign2])
+
+ # fail if gnutls_certificate_verify_peers2 is not found
+ if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then
+ AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required])
+ fi
++
++ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
++ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
++ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
++ fi
+
+ # Check for iconv support if using the new RDN access functions:
+ if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index eec5655..d50c6ce 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx)
+ ne_free(ctx);
+ }
+
+-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
+ /* Return the issuer of the given certificate, or NULL if none can be
+ * found. */
+ static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
+@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock,
+ }
+ }
+
+-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
+ /* GnuTLS only returns the peers which were *sent* by the server
+ * in the Certificate list during the handshake. Fill in the
+ * complete chain manually against the certs we trust: */
+ if (current->issuer == NULL) {
+ gnutls_x509_crt issuer;
++
++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
+ gnutls_x509_crt *ca_list;
+ unsigned int num_cas;
+
+ gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
++#endif
+
+ do {
+ /* Look up the issuer. */
++#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
+ issuer = find_issuer(ca_list, num_cas, current->subject);
++#else
++ if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0))
++ issuer = NULL;
++#endif
++
+ if (issuer) {
+ issuer = x509_crt_copy(issuer);
+ cert = populate_cert(ne_calloc(sizeof *cert), issuer);
+diff --git a/src/ne_socket.c b/src/ne_socket.c
+index 12cf020..faee20c 100644
+--- a/src/ne_socket.c
++++ b/src/ne_socket.c
+@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret)
+ _("SSL alert received: %s"),
+ gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
+ break;
++#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
++ case GNUTLS_E_PREMATURE_TERMINATION:
++#else
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+- /* It's not exactly an API guarantee but this error will
+- * always mean a premature EOF. */
++#endif
+ ret = NE_SOCK_TRUNC;
+ set_error(sock, _("Secure connection truncated"));
+ break;
+@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
+ NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
+ }
+ #elif defined(HAVE_GNUTLS)
++ unsigned int verify_status;
++
+ gnutls_init(&ssl, GNUTLS_SERVER);
+ gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
+ gnutls_set_default_priority(ssl);
+@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
+ if (ret < 0) {
+ return error_gnutls(sock, ret);
+ }
+- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
++ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
+ set_error(sock, _("Client certificate verification failed"));
+ return NE_SOCK_ERROR;
+ }
+--
+1.7.12.3
+
diff --git a/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch
new file mode 100644
index 000000000000..861207d4b600
--- /dev/null
+++ b/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch
@@ -0,0 +1,57 @@
+From 9033b72dc4fa250519379cb39142a3e42141d3f5 Mon Sep 17 00:00:00 2001
+From: Alexander V Vershilov <alexander.vershilov@gmail.com>
+Date: Thu, 1 Nov 2012 11:44:36 +0400
+Subject: [PATCH 2/2] neon gnutls types fix
+
+---
+ src/ne_gnutls.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
+index d50c6ce..11dfd8e 100644
+--- a/src/ne_gnutls.c
++++ b/src/ne_gnutls.c
+@@ -83,7 +83,7 @@ struct ne_ssl_certificate_s {
+ };
+
+ struct ne_ssl_client_cert_s {
+- gnutls_pkcs12 p12;
++ gnutls_pkcs12_t p12;
+ int decrypted; /* non-zero if successfully decrypted. */
+ int keyless;
+ ne_ssl_certificate cert;
+@@ -1041,11 +1041,11 @@ static int read_to_datum(const char *filename, gnutls_datum *datum)
+ /* Parses a PKCS#12 structure and loads the certificate, private key
+ * and friendly name if possible. Returns zero on success, non-zero
+ * on error. */
+-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
++static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
+ gnutls_x509_crt *x5, char **friendly_name,
+ const char *password)
+ {
+- gnutls_pkcs12_bag bag = NULL;
++ gnutls_pkcs12_bag_t bag = NULL;
+ int i, j, ret = 0;
+
+ for (i = 0; ret == 0; ++i) {
+@@ -1060,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
+ gnutls_pkcs12_bag_decrypt(bag, password);
+
+ for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
+- gnutls_pkcs12_bag_type type;
++ gnutls_pkcs12_bag_type_t type;
+ gnutls_datum data;
+
+ if (friendly_name && *friendly_name == NULL) {
+@@ -1130,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
+ {
+ int ret;
+ gnutls_datum data;
+- gnutls_pkcs12 p12;
++ gnutls_pkcs12_t p12;
+ ne_ssl_client_cert *cc;
+ char *friendly_name = NULL;
+ gnutls_x509_crt cert = NULL;
+--
+1.7.12.3
+