Diffstat (limited to 'src')
-rw-r--r-- | src/core/wee-network.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/src/core/wee-network.c b/src/core/wee-network.c
index 08fa69133..0017cb914 100644
--- a/src/core/wee-network.c
+++ b/src/core/wee-network.c
@@ -94,8 +94,10 @@ network_init ()
 }
 free (ca_path);
 }
+#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a
 gnutls_certificate_set_verify_function (gnutls_xcred,
 &hook_connect_gnutls_verify_certificates);
+#endif
 gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
 &hook_connect_gnutls_set_certificates);
 network_init_ok = 1;
@@ -776,6 +778,24 @@ network_connect_gnutls_handshake_fd_cb (void *arg_hook_connect, int fd)
 {
 fcntl (HOOK_CONNECT(hook_connect, sock), F_SETFL,
 HOOK_CONNECT(hook_connect, handshake_fd_flags));
+#if LIBGNUTLS_VERSION_NUMBER < 0x02090a
+ /*
+ * gnutls only has the gnutls_certificate_set_verify_function()
+ * function since version 2.9.10. We need to call our verify
+ * function manually after the handshake for old gnutls versions
+ */
+ if (hook_connect_gnutls_verify_certificates (*HOOK_CONNECT(hook_connect, gnutls_sess)) != 0)
+ {
+ (void) (HOOK_CONNECT(hook_connect, callback))
+ (hook_connect->callback_data,
+ WEECHAT_HOOK_CONNECT_GNUTLS_HANDSHAKE_ERROR,
+ rc,
+ "Error in the certificate.",
+ HOOK_CONNECT(hook_connect, handshake_ip_address));
+ unhook (hook_connect);
+ return WEECHAT_RC_OK;
+ }
+#endif
 unhook (HOOK_CONNECT(hook_connect, handshake_hook_fd));
 (void) (HOOK_CONNECT(hook_connect, callback))
 (hook_connect->callback_data, WEECHAT_HOOK_CONNECT_OK, 0, NULL,
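Review bot: The `#if` around `gnutls_certificate_set_verify_function` in network_init leaves builds against GnuTLS older than 2.9.10 with no verification callback registered, and nothing at this site says where the check happens instead. I would add a comment above the guard such as `/* gnutls < 2.9.10: no verify callback; every handshake completion path must call hook_connect_gnutls_verify_certificates() itself */`. The retrieve function on the following line is still registered unconditionally, so on those builds the client-certificate callback presumably runs before the peer's certificate has been checked; that ordering is worth stating in the same comment. network_init starts and ends outside the hunk.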
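Review bot: The new failure branch in network_connect_gnutls_handshake_fd_cb calls `unhook (hook_connect)` and returns without the `unhook (HOOK_CONNECT(hook_connect, handshake_hook_fd))` that the success path performs on the very next line. Unless unhooking the connect hook also releases the fd hook (not visible in this hunk), the handshake fd hook stays registered on a socket whose peer was just rejected; I would add `unhook (HOOK_CONNECT(hook_connect, handshake_hook_fd));` before the error callback. Separately, `rc` appears to hold the result of the handshake that just succeeded, so the callback is told HANDSHAKE_ERROR with a GnuTLS code that does not describe a certificate failure; passing `GNUTLS_E_CERTIFICATE_ERROR` instead of `rc` would be clearer, and the same applies to the copy in network_connect_child_read_cb. The function starts and ends outside the hunk.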
@@ -929,6 +949,26 @@ network_connect_child_read_cb (void *arg_hook_connect, int fd)
 }
 fcntl (HOOK_CONNECT(hook_connect, sock), F_SETFL,
 HOOK_CONNECT(hook_connect, handshake_fd_flags));
+#if LIBGNUTLS_VERSION_NUMBER < 0x02090a
+ /*
+ * gnutls only has the gnutls_certificate_set_verify_function()
+ * function since version 2.9.10. We need to call our verify
+ * function manually after the handshake for old gnutls versions
+ */
+ if (hook_connect_gnutls_verify_certificates (*HOOK_CONNECT(hook_connect, gnutls_sess)) != 0)
+ {
+ (void) (HOOK_CONNECT(hook_connect, callback))
+ (hook_connect->callback_data,
+ WEECHAT_HOOK_CONNECT_GNUTLS_HANDSHAKE_ERROR,
+ rc,
+ "Error in the certificate.",
+ ip_address);
+ unhook (hook_connect);
+ if (ip_address)
+ free (ip_address);
+ return WEECHAT_RC_OK;
+ }
+#endif
 }
 #endif
 }
 |
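Review bot: The post-handshake certificate check added to network_connect_child_read_cb is a second hand-written copy of the block in network_connect_gnutls_handshake_fd_cb, differing only in which IP string is passed and freed. A security check kept in two copies tends to drift when one site is later fixed, so I would move it into one static helper under the same `#if` and call it from both places, leaving only the `ip_address` cleanup at this site. The parameter types in the sketch below are assumed, since the declarations of `hook_connect` and `rc` are outside the hunk, and the helper name is a suggestion. The function starts and ends outside the hunk.

```c
#if LIBGNUTLS_VERSION_NUMBER < 0x02090a
/*
 * gnutls < 2.9.10 has no gnutls_certificate_set_verify_function():
 * verify the peer after the handshake; returns 0 if accepted, -1 if the
 * error callback was run and the hook removed
 */
static int
network_connect_gnutls_verify_manual (struct t_hook *hook_connect, int rc,
                                      const char *ip_address)
{
    if (hook_connect_gnutls_verify_certificates (*HOOK_CONNECT(hook_connect, gnutls_sess)) == 0)
        return 0;
    (void) (HOOK_CONNECT(hook_connect, callback))
        (hook_connect->callback_data,
         WEECHAT_HOOK_CONNECT_GNUTLS_HANDSHAKE_ERROR,
         rc,
         "Error in the certificate.",
         ip_address);
    unhook (hook_connect);
    return -1;
}
#endif

/* ... unchanged: fcntl() restoring handshake_fd_flags ... */
#if LIBGNUTLS_VERSION_NUMBER < 0x02090a
                if (network_connect_gnutls_verify_manual (hook_connect, rc, ip_address) != 0)
                {
                    if (ip_address)
                        free (ip_address);
                    return WEECHAT_RC_OK;
                }
#endif
```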