Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/wee-hook.c | 11 | ||||
-rw-r--r-- | src/core/wee-hook.h | 2 | ||||
-rw-r--r-- | src/core/wee-network.c | 37 |
3 files changed, 30 insertions, 20 deletions
diff --git a/src/core/wee-hook.c b/src/core/wee-hook.c index 822359877..3d94446aa 100644 --- a/src/core/wee-hook.c +++ b/src/core/wee-hook.c @@ -1638,9 +1638,10 @@ hook_process_run (struct t_hook *hook_process) */ struct t_hook * -hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *address, - int port, int sock, int ipv6, void *gnutls_sess, void *gnutls_cb, - int gnutls_dhkey_size, const char *local_hostname, +hook_connect (struct t_weechat_plugin *plugin, const char *proxy, + const char *address, int port, int sock, int ipv6, + void *gnutls_sess, void *gnutls_cb, int gnutls_dhkey_size, + const char *gnutls_priorities, const char *local_hostname, t_hook_callback_connect *callback, void *callback_data) { struct t_hook *new_hook; @@ -1651,6 +1652,7 @@ hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *ad (void) gnutls_sess; (void) gnutls_cb; (void) gnutls_dhkey_size; + (void) gnutls_priorities; #endif if ((sock < 0) || !address || (port <= 0) || !callback) @@ -1680,6 +1682,8 @@ hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *ad new_hook_connect->gnutls_sess = gnutls_sess; new_hook_connect->gnutls_cb = gnutls_cb; new_hook_connect->gnutls_dhkey_size = gnutls_dhkey_size; + new_hook_connect->gnutls_priorities = (gnutls_priorities) ? + strdup (gnutls_priorities) : NULL; #endif new_hook_connect->local_hostname = (local_hostname) ? strdup (local_hostname) : NULL; 
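Review bot: The copy made by `strdup (gnutls_priorities)` in the third hunk of hook_connect has no matching release in this change. The diffstat counts 11 changed lines for wee-hook.c and all of them are in the hunks shown, none of which touches the unhook path. Unless that path already frees this field (it is outside the hunks), each connect hook created with a priority string leaks it; the connect-hook cleanup should gain a `free (...)` of `gnutls_priorities` next to the place where `local_hostname` is released, inside the same `HAVE_GNUTLS` guard. A failed `strdup` also leaves the field NULL, which later code cannot tell apart from "no priorities given". The body of hook_connect continues outside these hunks.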
@@ -3418,6 +3422,7 @@ hook_print_log () log_printf (" gnutls_sess . . . . . : 0x%lx", HOOK_CONNECT(ptr_hook, gnutls_sess)); log_printf (" gnutls_cb . . . . . . : 0x%lx", HOOK_CONNECT(ptr_hook, gnutls_cb)); log_printf (" gnutls_dhkey_size . . : %d", HOOK_CONNECT(ptr_hook, gnutls_dhkey_size)); + log_printf (" gnutls_priorities . . : '%s'", HOOK_CONNECT(ptr_hook, gnutls_priorities)); #endif log_printf (" local_hostname. . . . : '%s'", HOOK_CONNECT(ptr_hook, local_hostname)); log_printf (" child_read. . . . . . : %d", HOOK_CONNECT(ptr_hook, child_read)); diff --git a/src/core/wee-hook.h b/src/core/wee-hook.h index 457518716..dddb79329 100644 --- a/src/core/wee-hook.h +++ b/src/core/wee-hook.h @@ -221,6 +221,7 @@ struct t_hook_connect gnutls_session_t *gnutls_sess; /* GnuTLS session (SSL connection) */ gnutls_callback_t *gnutls_cb; /* GnuTLS callback during handshake */ int gnutls_dhkey_size; /* Diffie Hellman Key Exchange size */ + char *gnutls_priorities; /* GnuTLS priorities */ #endif char *local_hostname; /* force local hostname (optional) */ int child_read; /* to read data in pipe from child */ @@ -408,6 +409,7 @@ extern struct t_hook *hook_connect (struct t_weechat_plugin *plugin, int port, int sock, int ipv6, void *gnutls_session, void *gnutls_cb, int gnutls_dhkey_size, + const char *gnutls_priorities, const char *local_hostname, t_hook_callback_connect *callback, void *callback_data); diff --git a/src/core/wee-network.c b/src/core/wee-network.c index 26e88661e..b0fdf5e70 100644 --- a/src/core/wee-network.c +++ b/src/core/wee-network.c 
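Review bot: The new `log_printf (" gnutls_priorities . . : '%s'", ...)` line in hook_print_log passes the field straight to `%s`, and hook_connect sets that field to NULL when no priority string is given. If log_printf ends up in a standard printf-family formatter, a NULL argument for `%s` is undefined behaviour, even though common C libraries print "(null)". The adjacent `local_hostname` line follows the same pattern, so this is consistent with existing code, but a guard such as `(p) ? p : "(null)"` on the argument would make the dump safe everywhere. hook_print_log starts and ends outside the hunk.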
@@ -59,14 +59,6 @@ int network_init_ok = 0; #ifdef HAVE_GNUTLS gnutls_certificate_credentials gnutls_xcred; /* GnuTLS client credentials */ -const int gnutls_cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; -#if LIBGNUTLS_VERSION_NUMBER >= 0x010700 - const int gnutls_prot_prio[] = { GNUTLS_TLS1_2, GNUTLS_TLS1_1, - GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; -#else - const int gnutls_prot_prio[] = { GNUTLS_TLS1_1, GNUTLS_TLS1_0, - GNUTLS_SSL3, 0 }; -#endif #endif @@ -1004,6 +996,10 @@ void network_connect_with_fork (struct t_hook *hook_connect) { int child_pipe[2]; +#ifdef HAVE_GNUTLS + int rc; + const char *pos_error; +#endif #ifndef __CYGWIN__ pid_t pid; #endif @@ -1012,20 +1008,27 @@ network_connect_with_fork (struct t_hook *hook_connect) /* initialize GnuTLS if SSL asked */ if (HOOK_CONNECT(hook_connect, gnutls_sess)) { - if (gnutls_init (HOOK_CONNECT(hook_connect, gnutls_sess), GNUTLS_CLIENT) != 0) + if (gnutls_init (HOOK_CONNECT(hook_connect, gnutls_sess), GNUTLS_CLIENT) != GNUTLS_E_SUCCESS) { (void) (HOOK_CONNECT(hook_connect, callback)) (hook_connect->callback_data, - '0' + WEECHAT_HOOK_CONNECT_GNUTLS_INIT_ERROR, + WEECHAT_HOOK_CONNECT_GNUTLS_INIT_ERROR, 0, NULL, NULL); unhook (hook_connect); return; } - gnutls_set_default_priority (*HOOK_CONNECT(hook_connect, gnutls_sess)); - gnutls_certificate_type_set_priority (*HOOK_CONNECT(hook_connect, gnutls_sess), - gnutls_cert_type_prio); - gnutls_protocol_set_priority (*HOOK_CONNECT(hook_connect, gnutls_sess), - gnutls_prot_prio); + rc = gnutls_priority_set_direct (*HOOK_CONNECT(hook_connect, gnutls_sess), + HOOK_CONNECT(hook_connect, gnutls_priorities), + &pos_error); + if (rc != GNUTLS_E_SUCCESS) + { + (void) (HOOK_CONNECT(hook_connect, callback)) + (hook_connect->callback_data, + WEECHAT_HOOK_CONNECT_GNUTLS_INIT_ERROR, + 0, _("invalid priorities"), NULL); + unhook (hook_connect); + return; + } gnutls_credentials_set (*HOOK_CONNECT(hook_connect, gnutls_sess), GNUTLS_CRD_CERTIFICATE, gnutls_xcred); 
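Review bot: In the third hunk (network_connect_with_fork), `HOOK_CONNECT(hook_connect, gnutls_priorities)` is handed to `gnutls_priority_set_direct` without a NULL check, although hook_connect stores NULL when the caller supplies no string. This call replaces the fixed protocol and certificate-type lists removed in the first hunk, so the TLS policy for the NULL case becomes whatever the linked GnuTLS does with a NULL string. I would not rely on that across library versions: either reject NULL before the call or pass an explicit default such as `"NORMAL"`. `pos_error` is filled in but never read; adding it to the message given to the callback would show the user which part of the string was rejected. The new failure path also returns with the session from `gnutls_init` still initialised, and whether the callback's owner calls `gnutls_deinit` is not visible in this hunk, whose function continues outside it.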
@@ -1039,7 +1042,7 @@ network_connect_with_fork (struct t_hook *hook_connect) { (void) (HOOK_CONNECT(hook_connect, callback)) (hook_connect->callback_data, - '0' + WEECHAT_HOOK_CONNECT_MEMORY_ERROR, + WEECHAT_HOOK_CONNECT_MEMORY_ERROR, 0, NULL, NULL); unhook (hook_connect); return; @@ -1062,7 +1065,7 @@ network_connect_with_fork (struct t_hook *hook_connect) case -1: (void) (HOOK_CONNECT(hook_connect, callback)) (hook_connect->callback_data, - '0' + WEECHAT_HOOK_CONNECT_MEMORY_ERROR, + WEECHAT_HOOK_CONNECT_MEMORY_ERROR, 0, NULL, NULL); unhook (hook_connect); return; |