[exim-dev] [Bug 1095] Uses (soon to be) deprecated GnuTLS fu…

Author: Git Commit
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 1095] New: Uses (soon to be) deprecated GnuTLS functions
Subject: [exim-dev] [Bug 1095] Uses (soon to be) deprecated GnuTLS functions
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1095

Git Commit <git@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |git@???





--- Comment #3 from Git Commit <git@???> 2011-10-03 13:17:06 ---
Git commit:
http://git.exim.org/exim.git/commitdiff/89f897c3fdb4c1342b3e9b9f6cb33cd0f869e2aa

commit 89f897c3fdb4c1342b3e9b9f6cb33cd0f869e2aa
Author:     Phil Pennock <pdp@???>
AuthorDate: Sat Sep 24 03:09:44 2011 -0400
Commit:     Phil Pennock <pdp@???>
CommitDate: Sat Sep 24 03:09:44 2011 -0400


    Pull Andreas Metzler's fix for gnutls_certificate_verify_peers (bug 1095)
---
 doc/doc-txt/ChangeLog |    2 ++
 src/src/tls-gnu.c     |    8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index c1362b1..e581360 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -114,6 +114,8 @@ PP/09 Handle IPv6 addresses with SPF.

 PP/10 GnuTLS: support TLS 1.2 & 1.1.
       Bugzilla 1156.
+      Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
+      Bugzilla 1095.



 Exim version 4.76
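Review bot: The two added lines are folded into PP/10, the entry for TLS 1.2 & 1.1 support (Bugzilla 1156), so someone scanning the ChangeLog for bug 1095 finds it only as a trailing line of an unrelated item. Give the change its own entry, and state there that verification now also fails when gnutls_certificate_verify_peers2() itself returns an error, since that is a behaviour change and not only a switch to the newer function.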
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 4de9d4f..6b80637 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -235,10 +235,10 @@ Returns:     TRUE/FALSE
 static BOOL
 verify_certificate(gnutls_session session, const char **error)
 {
-int verify;
+int rc;
 uschar *dn_string = US"";
 const gnutls_datum *cert;
-unsigned int cert_size = 0;
+unsigned int verify, cert_size = 0;


*error = NULL;
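Review bot: rc is declared without an initialiser here, is assigned only in the branch that calls gnutls_certificate_verify_peers2(), and is then tested as (rc < 0) after the if/else. The else branch is not touched by this patch, so it cannot assign the new variable, and on that path the test reads an indeterminate value. Initialise it at the declaration, for example "int rc = 0;", so the else path is decided by verify alone, and give verify an initial value in the same way.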

@@ -262,7 +262,7 @@ if (cert != NULL)
       dn_string = string_copy_malloc(buff);
     }


- verify = gnutls_certificate_verify_peers(session);
+ rc = gnutls_certificate_verify_peers2(session, &verify);
}
else
{
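Review bot: The value stored in rc is only ever tested for its sign further down, so the GnuTLS error code behind a failed call is lost. Log it at the point of the call, for instance with gnutls_strerror(rc) in the debug output, so an operator can tell a library failure apart from a rejected certificate.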
@@ -274,7 +274,7 @@ else
/* Handle the result of verification. INVALID seems to be set as well
as REVOKED, but leave the test for both. */

-if ((verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED)) != 0)
+if ((rc < 0) || (verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED)) != 0)
{
tls_certificate_verified = FALSE;
if (*error == NULL) *error = ((verify & GNUTLS_CERT_REVOKED) != 0)?
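Review bot: In the new condition, (rc < 0) sends a failed call into the same block as a rejected certificate, and the next line still chooses the error text with (verify & GNUTLS_CERT_REVOKED). When the call failed there is no guarantee that verify was written, so that test reads a value that does not describe the peer certificate. Handle rc < 0 first with its own error text and inspect verify only when rc is 0. The comment above the test should also say that a negative return code is treated as a verification failure.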


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email