Diffstat (limited to 'src/core')
-rw-r--r--src/core/wee-hook.c11
-rw-r--r--src/core/wee-hook.h2
-rw-r--r--src/core/wee-network.c37
3 files changed, 30 insertions, 20 deletions
diff --git a/src/core/wee-hook.c b/src/core/wee-hook.c
index 822359877..3d94446aa 100644
--- a/src/core/wee-hook.c
+++ b/src/core/wee-hook.c
@@ -1638,9 +1638,10 @@ hook_process_run (struct t_hook *hook_process)
*/
struct t_hook *
-hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *address,
- int port, int sock, int ipv6, void *gnutls_sess, void *gnutls_cb,
- int gnutls_dhkey_size, const char *local_hostname,
+hook_connect (struct t_weechat_plugin *plugin, const char *proxy,
+ const char *address, int port, int sock, int ipv6,
+ void *gnutls_sess, void *gnutls_cb, int gnutls_dhkey_size,
+ const char *gnutls_priorities, const char *local_hostname,
t_hook_callback_connect *callback, void *callback_data)
{
struct t_hook *new_hook;
@@ -1651,6 +1652,7 @@ hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *ad
(void) gnutls_sess;
(void) gnutls_cb;
(void) gnutls_dhkey_size;
+ (void) gnutls_priorities;
#endif
if ((sock < 0) || !address || (port <= 0) || !callback)
@@ -1680,6 +1682,8 @@ hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *ad
new_hook_connect->gnutls_sess = gnutls_sess;
new_hook_connect->gnutls_cb = gnutls_cb;
new_hook_connect->gnutls_dhkey_size = gnutls_dhkey_size;
+ new_hook_connect->gnutls_priorities = (gnutls_priorities) ?
+ strdup (gnutls_priorities) : NULL;
#endif
new_hook_connect->local_hostname = (local_hostname) ?
strdup (local_hostname) : NULL;
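Review bot: The `strdup (gnutls_priorities)` copy stored in `new_hook_connect->gnutls_priorities` has no matching release in this file. The diffstat gives 11 changed lines for wee-hook.c and the four hunks shown account for all of them, so `unhook()` was not extended and every TLS connect hook appears to leak the string. In the connect branch of `unhook()`, add `if (HOOK_CONNECT(hook, gnutls_priorities)) free (HOOK_CONNECT(hook, gnutls_priorities));` next to the existing `local_hostname` cleanup (that function is outside the hunks, so its exact shape is assumed). A failed `strdup` is also indistinguishable from "no priorities given": the field becomes NULL and the user's configured TLS policy may be silently replaced by whatever the library does with a NULL string, so it is safer to fail hook creation when the input was non-NULL and the copy is NULL.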
@@ -3418,6 +3422,7 @@ hook_print_log ()
log_printf (" gnutls_sess . . . . . : 0x%lx", HOOK_CONNECT(ptr_hook, gnutls_sess));
log_printf (" gnutls_cb . . . . . . : 0x%lx", HOOK_CONNECT(ptr_hook, gnutls_cb));
log_printf (" gnutls_dhkey_size . . : %d", HOOK_CONNECT(ptr_hook, gnutls_dhkey_size));
+ log_printf (" gnutls_priorities . . : '%s'", HOOK_CONNECT(ptr_hook, gnutls_priorities));
#endif
log_printf (" local_hostname. . . . : '%s'", HOOK_CONNECT(ptr_hook, local_hostname));
log_printf (" child_read. . . . . . : %d", HOOK_CONNECT(ptr_hook, child_read));
diff --git a/src/core/wee-hook.h b/src/core/wee-hook.h
index 457518716..dddb79329 100644
--- a/src/core/wee-hook.h
+++ b/src/core/wee-hook.h
@@ -221,6 +221,7 @@ struct t_hook_connect
gnutls_session_t *gnutls_sess; /* GnuTLS session (SSL connection) */
gnutls_callback_t *gnutls_cb; /* GnuTLS callback during handshake */
int gnutls_dhkey_size; /* Diffie Hellman Key Exchange size */
+ char *gnutls_priorities; /* GnuTLS priorities */
#endif
char *local_hostname; /* force local hostname (optional) */
int child_read; /* to read data in pipe from child */
@@ -408,6 +409,7 @@ extern struct t_hook *hook_connect (struct t_weechat_plugin *plugin,
int port, int sock, int ipv6,
void *gnutls_session, void *gnutls_cb,
int gnutls_dhkey_size,
+ const char *gnutls_priorities,
const char *local_hostname,
t_hook_callback_connect *callback,
void *callback_data);
diff --git a/src/core/wee-network.c b/src/core/wee-network.c
index 26e88661e..b0fdf5e70 100644
--- a/src/core/wee-network.c
+++ b/src/core/wee-network.c
@@ -59,14 +59,6 @@ int network_init_ok = 0;
#ifdef HAVE_GNUTLS
gnutls_certificate_credentials gnutls_xcred; /* GnuTLS client credentials */
-const int gnutls_cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-#if LIBGNUTLS_VERSION_NUMBER >= 0x010700
- const int gnutls_prot_prio[] = { GNUTLS_TLS1_2, GNUTLS_TLS1_1,
- GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
-#else
- const int gnutls_prot_prio[] = { GNUTLS_TLS1_1, GNUTLS_TLS1_0,
- GNUTLS_SSL3, 0 };
-#endif
#endif
@@ -1004,6 +996,10 @@ void
network_connect_with_fork (struct t_hook *hook_connect)
{
int child_pipe[2];
+#ifdef HAVE_GNUTLS
+ int rc;
+ const char *pos_error;
+#endif
#ifndef __CYGWIN__
pid_t pid;
#endif
@@ -1012,20 +1008,27 @@ network_connect_with_fork (struct t_hook *hook_connect)
/* initialize GnuTLS if SSL asked */
if (HOOK_CONNECT(hook_connect, gnutls_sess))
{
- if (gnutls_init (HOOK_CONNECT(hook_connect, gnutls_sess), GNUTLS_CLIENT) != 0)
+ if (gnutls_init (HOOK_CONNECT(hook_connect, gnutls_sess), GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
{
(void) (HOOK_CONNECT(hook_connect, callback))
(hook_connect->callback_data,
- '0' + WEECHAT_HOOK_CONNECT_GNUTLS_INIT_ERROR,
+ WEECHAT_HOOK_CONNECT_GNUTLS_INIT_ERROR,
0, NULL, NULL);
unhook (hook_connect);
return;
}
- gnutls_set_default_priority (*HOOK_CONNECT(hook_connect, gnutls_sess));
- gnutls_certificate_type_set_priority (*HOOK_CONNECT(hook_connect, gnutls_sess),
- gnutls_cert_type_prio);
- gnutls_protocol_set_priority (*HOOK_CONNECT(hook_connect, gnutls_sess),
- gnutls_prot_prio);
+ rc = gnutls_priority_set_direct (*HOOK_CONNECT(hook_connect, gnutls_sess),
+ HOOK_CONNECT(hook_connect, gnutls_priorities),
+ &pos_error);
+ if (rc != GNUTLS_E_SUCCESS)
+ {
+ (void) (HOOK_CONNECT(hook_connect, callback))
+ (hook_connect->callback_data,
+ WEECHAT_HOOK_CONNECT_GNUTLS_INIT_ERROR,
+ 0, _("invalid priorities"), NULL);
+ unhook (hook_connect);
+ return;
+ }
gnutls_credentials_set (*HOOK_CONNECT(hook_connect, gnutls_sess),
GNUTLS_CRD_CERTIFICATE,
gnutls_xcred);
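Review bot: The new failure branch after `gnutls_priority_set_direct` discards both `rc` and `pos_error`, so the callback only receives a fixed "invalid priorities" text and a `0` in what looks like the GnuTLS return-code slot (the callback typedef is not visible here). Passing the real code, `rc, _("invalid priorities"), NULL);`, lets the caller show `gnutls_strerror`, and logging `pos_error` would tell the user which token of the priority string was rejected. `HOOK_CONNECT(hook_connect, gnutls_priorities)` can also be NULL at this call, since `hook_connect()` stores NULL when the caller passes none. A comment such as `/* NULL priorities: behaviour depends on the GnuTLS version, caller should always pass a string */` or an explicit NULL check would make the resulting protocol and cipher policy deliberate rather than incidental. The session set up by `gnutls_init` just above is not released on this early return; whether the callback's receiver calls `gnutls_deinit` cannot be seen from this hunk and is worth confirming.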
@@ -1039,7 +1042,7 @@ network_connect_with_fork (struct t_hook *hook_connect)
{
(void) (HOOK_CONNECT(hook_connect, callback))
(hook_connect->callback_data,
- '0' + WEECHAT_HOOK_CONNECT_MEMORY_ERROR,
+ WEECHAT_HOOK_CONNECT_MEMORY_ERROR,
0, NULL, NULL);
unhook (hook_connect);
return;
@@ -1062,7 +1065,7 @@ network_connect_with_fork (struct t_hook *hook_connect)
case -1:
(void) (HOOK_CONNECT(hook_connect, callback))
(hook_connect->callback_data,
- '0' + WEECHAT_HOOK_CONNECT_MEMORY_ERROR,
+ WEECHAT_HOOK_CONNECT_MEMORY_ERROR,
0, NULL, NULL);
unhook (hook_connect);
return;