summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/core/wee-network.c40
1 files changed, 40 insertions, 0 deletions
diff --git a/src/core/wee-network.c b/src/core/wee-network.c
index 08fa69133..0017cb914 100644
--- a/src/core/wee-network.c
+++ b/src/core/wee-network.c
@@ -94,8 +94,10 @@ network_init ()
}
free (ca_path);
}
+#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a
gnutls_certificate_set_verify_function (gnutls_xcred,
&hook_connect_gnutls_verify_certificates);
+#endif
gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
&hook_connect_gnutls_set_certificates);
network_init_ok = 1;
@@ -776,6 +778,24 @@ network_connect_gnutls_handshake_fd_cb (void *arg_hook_connect, int fd)
{
fcntl (HOOK_CONNECT(hook_connect, sock), F_SETFL,
HOOK_CONNECT(hook_connect, handshake_fd_flags));
+#if LIBGNUTLS_VERSION_NUMBER < 0x02090a
+ /*
+ * gnutls only has the gnutls_certificate_set_verify_function()
+ * function since version 2.9.10. We need to call our verify
+ * function manually after the handshake for old gnutls versions
+ */
+ if (hook_connect_gnutls_verify_certificates (*HOOK_CONNECT(hook_connect, gnutls_sess)) != 0)
+ {
+ (void) (HOOK_CONNECT(hook_connect, callback))
+ (hook_connect->callback_data,
+ WEECHAT_HOOK_CONNECT_GNUTLS_HANDSHAKE_ERROR,
+ rc,
+ "Error in the certificate.",
+ HOOK_CONNECT(hook_connect, handshake_ip_address));
+ unhook (hook_connect);
+ return WEECHAT_RC_OK;
+ }
+#endif
unhook (HOOK_CONNECT(hook_connect, handshake_hook_fd));
(void) (HOOK_CONNECT(hook_connect, callback))
(hook_connect->callback_data, WEECHAT_HOOK_CONNECT_OK, 0, NULL,
@@ -929,6 +949,26 @@ network_connect_child_read_cb (void *arg_hook_connect, int fd)
}
fcntl (HOOK_CONNECT(hook_connect, sock), F_SETFL,
HOOK_CONNECT(hook_connect, handshake_fd_flags));
+#if LIBGNUTLS_VERSION_NUMBER < 0x02090a
+ /*
+ * gnutls only has the gnutls_certificate_set_verify_function()
+ * function since version 2.9.10. We need to call our verify
+ * function manually after the handshake for old gnutls versions
+ */
+ if (hook_connect_gnutls_verify_certificates (*HOOK_CONNECT(hook_connect, gnutls_sess)) != 0)
+ {
+ (void) (HOOK_CONNECT(hook_connect, callback))
+ (hook_connect->callback_data,
+ WEECHAT_HOOK_CONNECT_GNUTLS_HANDSHAKE_ERROR,
+ rc,
+ "Error in the certificate.",
+ ip_address);
+ unhook (hook_connect);
+ if (ip_address)
+ free (ip_address);
+ return WEECHAT_RC_OK;
+ }
+#endif
}
#endif
}