Hello community,

here is the log from the commit of package gnutls.1316 for openSUSE:12.3:Update 
checked in at 2013-02-10 23:32:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/gnutls.1316 (Old)
 and      /work/SRC/openSUSE:12.3:Update/.gnutls.1316.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gnutls.1316", Maintainer is ""

Changes:
--------
New Changes file:

--- /dev/null   2013-02-09 11:18:20.872010756 +0100
+++ /work/SRC/openSUSE:12.3:Update/.gnutls.1316.new/gnutls.changes      
2013-02-10 23:32:05.000000000 +0100
@@ -0,0 +1,1252 @@
+-------------------------------------------------------------------
+Tue Feb  5 17:03:26 UTC 2013 - [email protected]
+
+- Updated to GnuTLS 3.0.28
+  - libgnutls: Fixes in server side of DTLS-0.9.
+  - libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
+    ciphers (i.e., AES-GCM).
+  - libgnutls: Fixes in record padding parsing to prevent a timing
+    attack. Issue reported by Kenny Patterson and Nadhem Alfardan.
+    bnc#802184 
+  - libgnutls: DN variable 'T' was expanded to 'title'.
+
+-------------------------------------------------------------------
+Thu Jan 24 10:14:13 UTC 2013 - [email protected]
+
+- Updated to GnuTLS 3.0.27
+  - libgnutls: Fixed record padding parsing issue.
+  - libgnutls: Stricter RSA PKCS #1 1.5 encoding.
+  - libgnutls-guile: Fixed parallel compilation issue.
+  - API and ABI modifications: No changes since last version.
+
+-------------------------------------------------------------------
+Tue Nov 27 20:31:26 UTC 2012 - [email protected]
+
+- Test suite breaks on qemu-arm some calls not implemented. 
+
+-------------------------------------------------------------------
+Sun Nov 25 10:52:46 UTC 2012 - [email protected]
+
+- include LGPL-3.0+ text in COPYING.LESSER
+- run regression tests, but move "make check" to %check section
+- add gnutls-3.0.26-skip-test-fwrite.patch to skip a failing test
+- no longer manipulate doc/examples tree in %install section, the 
+  deletion of Makefiles breaks "make check" in %check
+- install documentation, reference and examples in %install section
+  to fetch them for the package without unneccessary files
+
+-------------------------------------------------------------------
+Fri Nov 16 23:30:09 UTC 2012 - [email protected]
+
+- updated to GnuTLS 3.0.26:
+ - libgnutls: Always tolerate key usage violation errors from the 
+   side of the peer, but also notify via an audit message.
+ - libgnutls: gnutls_x509_crl_verify() includes time checks.
+ - libgnutls: Increased maximum password length in the PKCS #12
+   functions.
+ - API and ABI modifications:
+   GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: Added
+   GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
+
+- includes changes from 3.0.25:
+ - libgnutls: Fixed the receipt of session tickets during session 
+   resumption.
+ - libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the 
+   OCSP response corresponds to the given certificate.
+ - libgnutls: Several updates in the OpenPGP code. The generating code
+   is fully RFC6091 compliant and RFC5081 support is only supported in 
+   client mode.
+ - API and ABI modifications:
+   gnutls_ocsp_resp_check_crt: Added
+
+- includes changes form version 3.0.24:
+ - libgnutls: The %COMPAT keyword, if specified, will tolerate
+   key usage violation errors (they are far too common to ignore).
+ - libgnutls: Corrected bug in OpenPGP subpacket encoding.
+ - libgnutls: Added X.509 certificate verification flag 
+ - GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
+   of unsorted certificate chains and is enabled by default for
+   TLS certificate verification (if gnutls_certificate_set_verify_flags() 
+    does not override it).
+ - libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
+   if interrupted during the retrasmition of handshake data.
+ - libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
+   which provides a tool to counter compression-related attacks where
+   parts of the data are controlled by the attacker _and_ are placed in
+   separate records (use with care - do not use compression if not sure).
+ - libgnutls: Depends on libtasn1 2.14 or later.
+
+- includes changes from version 3.0.23:
+ - gnutls-serv: Listens on IPv6
+ - libgnutls: Be tolerant in ECDSA signature violations (e.g. using
+   SHA256 with a SECP384 curve instead of SHA-384), to interoperate with
+   openssl.
+- libgnutls: Fixed DSA and ECDSA signature generation in smart cards.
+
+- includes changes from version 3.0.22
+ - libgnutls: When verifying a certificate chain make sure it is chain.
+   If the chain is wronly interrupted at some point then truncate it,
+  and only try to verify the correct part. Patch by David Woodhouse
+ - libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8()
+   which now may (again) accept a NULL password.
+ - certtool: Allow the user to choose the hash algorithm
+   when signing certificate request or certificate revocation list.
+
+- Refresh gnutls-implement-trust-store-dir.diff, some parts are in 
+  upstream sources
+
+-------------------------------------------------------------------
+Mon Jul 16 06:00:52 UTC 2012 - [email protected]
+
+- update to latest stable version 3.0.21:
+  libgnutls: fixed bug in gnutls_x509_privkey_import()
+  that prevented the loading of EC private keys when DER
+  encoded. Reported by David Woodhouse.
+
+  libgnutls: In DTLS larger to mtu records result to
+  GNUTLS_E_LARGE_PACKET instead of being truncated.
+
+  libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based
+  on patch by David Woodhouse.
+
+  libgnutls: Fixed memory leak in PKCS #8 key import.
+
+  libgnutls: Added support for an old version of the DTLS protocol
+  used by openconnect vpn client for compatibility with Cisco's AnyConnect
+  SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols
+  as it has issues.
+
+  libgnutls: Corrected bug that prevented resolving PKCS #11 URLs
+  if only the label is specified. Patch by David Woodhouse.
+
+  libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET
+  is returned.
+
+  API and ABI modifications:
+  gnutls_dtls_set_data_mtu: Added
+  gnutls_session_set_premaster: Added
+
+-------------------------------------------------------------------
+Sun Jul  1 20:00:33 UTC 2012 - [email protected]
+
+- merge am-1.12 patches into 1
+
+-------------------------------------------------------------------
+Sat Jun 30 17:24:48 UTC 2012 - [email protected]
+
+- fix 12.2 builds.
+  * replace depreciated am_prog_mkdir_p with ac_prog_mkdir_p. 
+
+-------------------------------------------------------------------
+Thu Jun 21 08:02:43 UTC 2012 - [email protected]
+
+- Updated to version 3.0.20:
+  libgnutls: Corrected bug which prevented the parsing of
+  handshake packets spanning multiple records.
+
+  libgnutls: Check key identifiers when checking for an issuer.
+
+  libgnutls: Added gnutls_pubkey_verify_hash2()
+
+  libgnutls: Added gnutls_certificate_set_x509_system_trust()
+  that loads the trusted CA certificates from system locations
+  (e.g. trusted storage in windows and CA bundle files in other systems).
+
+  certtool: Added support for the URI subject alternative
+  name type in certtool.
+
+  certtool: Increase to 128 the maximum number of distinct options
+  (e.g. dns_names) allowed.
+
+  gnutls-cli: If --print-cert is given, print the certificate, 
+  even on verification failure.
+
+  ** API and ABI modifications:
+  gnutls_pk_to_sign: Added
+  gnutls_pubkey_verify_hash2: Added
+  gnutls_certificate_set_x509_system_trust: Added
+
+-------------------------------------------------------------------
+Tue May 29 12:51:59 UTC 2012 - [email protected]
+
+- fix build with automake-1.12
+  - add: automake-1.12.patch
+
+-------------------------------------------------------------------
+Thu May 24 07:45:31 UTC 2012 - [email protected]
+
+- backport gnutls_certificate_set_x509_system_trust() from git and
+  add support for trust store directories (bnc#761634)
+
+-------------------------------------------------------------------
+Mon May 21 15:35:00 UTC 2012 - [email protected]
+
+- add version and release to gnutls-devel provides
+
+-------------------------------------------------------------------
+Mon May 21 11:33:29 UTC 2012 - [email protected]
+
+- let libgnutls-devel also provide gnutls-devel
+
+-------------------------------------------------------------------
+Sun May 13 02:44:30 UTC 2012 - [email protected]
+
+- Update to version 3.0.19:
+  + libgnutls:
+    - When decoding a PKCS #11 URL the pin-source field
+      is assumed to be a file that stores the pin. Based on patch
++++ 1055 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.gnutls.1316.new/gnutls.changes

New:
----
  automake-1.12.patch
  baselibs.conf
  gnutls-3.0.26-skip-test-fwrite.patch
  gnutls-3.0.28.tar.xz
  gnutls-implement-trust-store-dir.diff
  gnutls.changes
  gnutls.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gnutls.spec ++++++
#
# spec file for package gnutls
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%define gnutls_sover 28
%define gnutlsxx_sover 28
%define gnutls_ossl_sover 27

Name:           gnutls
Version:        3.0.28
Release:        0
Summary:        The GNU Transport Layer Security Library
License:        LGPL-3.0+ and GPL-3.0+
Group:          Productivity/Networking/Security
Url:            http://www.gnutls.org/
Source0:        
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/%{name}-%{version}.tar.xz
Source1:        baselibs.conf
# suse specific, add support for certificate directories -- lnussel
Patch1:         gnutls-implement-trust-store-dir.diff
Patch2:         automake-1.12.patch
# PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch 
[email protected] -- skip a failing test
Patch3:         gnutls-3.0.26-skip-test-fwrite.patch
BuildRequires:  automake
BuildRequires:  gcc-c++
BuildRequires:  libidn-devel
BuildRequires:  libnettle-devel >= 2.2
BuildRequires:  libtasn1-devel >= 2.14
BuildRequires:  libtool
BuildRequires:  p11-kit-devel >= 0.11
BuildRequires:  pkg-config
BuildRequires:  xz
BuildRequires:  zlib-devel
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# bug437293
%ifarch ppc64
Obsoletes:      gnutls-64bit
%endif

%description
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.

%package -n libgnutls%{gnutls_sover}
Summary:        The GNU Transport Layer Security Library
License:        LGPL-3.0+
Group:          Productivity/Networking/Security

%description -n libgnutls%{gnutls_sover}
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.

%package -n libgnutlsxx%{gnutlsxx_sover}
Summary:        The GNU Transport Layer Security Library
License:        LGPL-3.0+
Group:          Productivity/Networking/Security

%description -n libgnutlsxx%{gnutlsxx_sover}
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.


%package -n libgnutls-openssl%{gnutls_ossl_sover}
Summary:        The GNU Transport Layer Security Library
License:        GPL-3.0+
Group:          Productivity/Networking/Security

%description -n libgnutls-openssl%{gnutls_ossl_sover}
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.


%package -n libgnutls-devel
Summary:        Development package for gnutls
License:        LGPL-3.0+
Group:          Development/Libraries/C and C++
PreReq:         %install_info_prereq
Requires:       glibc-devel
Requires:       libgnutls%{gnutls_sover} = %{version}
Provides:       gnutls-devel = %{version}-%{release}

%description -n libgnutls-devel
Files needed for software development using gnutls.

%package -n libgnutlsxx-devel
Summary:        Development package for gnutls
License:        LGPL-3.0+
Group:          Development/Libraries/C and C++
PreReq:         %install_info_prereq
Requires:       libgnutls-devel = %{version}
Requires:       libgnutlsxx%{gnutlsxx_sover} = %{version}
Requires:       libstdc++-devel

%description -n libgnutlsxx-devel
Files needed for software development using gnutls.


%package -n libgnutls-openssl-devel
Summary:        Development package for gnutls
License:        GPL-3.0+
Group:          Development/Libraries/C and C++
Requires:       libgnutls-devel = %{version}
Requires:       libgnutls-openssl%{gnutls_ossl_sover} = %{version}

%description -n libgnutls-openssl-devel
Files needed for software development using gnutls.


%prep
%setup -q
%patch1
%patch2 -p1
%patch3
echo %{_includedir}/%{name}/abstract.h

%build
autoreconf -if
%configure \
        --disable-static \
        --with-pic \
        --disable-rpath \
        --disable-silent-rules \
        --with-default-trust-store-dir=/etc/ssl/certs \
        --with-sysroot=/%{?_sysroot}
%__make %{?_smp_mflags}

%install
%make_install
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
# Do not package static libs and libtool files
rm -f %{buildroot}%{_libdir}/*.la

# install docs
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
%__cp doc/gnutls.html doc/*.png doc/gnutls.pdf 
%{buildroot}%{_docdir}/libgnutls-devel/
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
%__cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
%__cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/

%find_lang libgnutls --all-name

%check
%if ! 0%{?qemu_user_space_build}
%__make check
%endif

%clean
rm -rf %{buildroot}

%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig

%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig

%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig

%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig

%post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig

%postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig

%post -n libgnutls-devel
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
%install_info --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz

%postun -n libgnutls-devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz

%files -f libgnutls.lang
%defattr(-, root, root)
%doc THANKS README NEWS ChangeLog COPYING COPYING.LESSER AUTHORS doc/TODO
%{_bindir}/certtool
%{_bindir}/crywrap
%{_bindir}/gnutls-cli
%{_bindir}/gnutls-cli-debug
%{_bindir}/gnutls-serv
%{_bindir}/ocsptool
%{_bindir}/psktool
%{_bindir}/p11tool
%{_bindir}/srptool
%{_mandir}/man1/*

%files -n libgnutls%{gnutls_sover}
%defattr(-,root,root)
%{_libdir}/libgnutls.so.%{gnutls_sover}*

%files -n libgnutls-openssl%{gnutls_ossl_sover}
%defattr(-,root,root)
%{_libdir}/libgnutls-openssl.so.%{gnutls_ossl_sover}*

%files -n libgnutlsxx%{gnutlsxx_sover}
%defattr(-,root,root)
%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*

%files -n libgnutls-devel
%defattr(-, root, root)
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/abstract.h
%{_includedir}/%{name}/crypto.h
%{_includedir}/%{name}/compat.h
%{_includedir}/%{name}/dtls.h
%{_includedir}/%{name}/gnutls.h
%{_includedir}/%{name}/openpgp.h
%{_includedir}/%{name}/ocsp.h
%{_includedir}/%{name}/pkcs11.h
%{_includedir}/%{name}/pkcs12.h
%{_includedir}/%{name}/x509.h
%{_libdir}/libgnutls.so
%{_libdir}/pkgconfig/gnutls.pc
%{_mandir}/man3/*
%{_infodir}/*.*
%doc %{_docdir}/libgnutls-devel

%files -n libgnutlsxx-devel
%defattr(-, root, root)
%{_libdir}/libgnutlsxx.so
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/gnutlsxx.h

%files -n libgnutls-openssl-devel
%defattr(-, root, root)
%{_libdir}/libgnutls-openssl.so
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/openssl.h

%changelog
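Review bot: `Source0` points at an `ftp://` URL and the "New:" file list contains only `gnutls-3.0.28.tar.xz`, with no detached signature or keyring, so nothing in the package lets a reviewer or the build check that the tarball is the one upstream released. For a TLS library that is worth closing: ship the upstream signature and signing key as extra sources, e.g. `Source2: %{name}-%{version}.tar.xz.sig` and `Source3: %{name}.keyring`, and verify them before `%setup`. Separately, the `echo %{_includedir}/%{name}/abstract.h` line in `%prep` looks like leftover debugging and can be dropped.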
++++++ automake-1.12.patch ++++++
Index: gnutls-3.0.20/configure.ac
===================================================================
--- gnutls-3.0.20.orig/configure.ac     2012-07-01 21:50:17.000000000 +0200
+++ gnutls-3.0.20/configure.ac  2012-07-01 21:50:17.977499968 +0200
@@ -37,6 +37,7 @@ dnl Checks for programs.
 AC_PROG_CC
 AM_PROG_AS
 AC_PROG_CXX
+AM_PROG_AR
 gl_EARLY
 
 # For includes/gnutls/gnutls.h.in.
Index: gnutls-3.0.20/aclocal.m4
===================================================================
--- gnutls-3.0.20.orig/aclocal.m4       2012-06-05 19:10:14.000000000 +0200
+++ gnutls-3.0.20/aclocal.m4    2012-07-01 21:53:42.821893323 +0200
@@ -529,7 +529,7 @@ AM_MISSING_PROG(AUTOHEADER, autoheader)
 AM_MISSING_PROG(MAKEINFO, makeinfo)
 AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
 AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
-AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
 # We need awk for the "check" target.  The system "awk" is bad on
 # some platforms.
 AC_REQUIRE([AC_PROG_AWK])dnl
@@ -773,10 +773,10 @@ fi
 
 # serial 1
 
-# AM_PROG_MKDIR_P
+# AC_PROG_MKDIR_P
 # ---------------
 # Check for `mkdir -p'.
-AC_DEFUN([AM_PROG_MKDIR_P],
+AC_DEFUN([AC_PROG_MKDIR_P],
 [AC_PREREQ([2.60])dnl
 AC_REQUIRE([AC_PROG_MKDIR_P])dnl
 dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
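Review bot: After the rename, `AC_DEFUN([AC_PROG_MKDIR_P],` is followed two lines later by the unchanged `AC_REQUIRE([AC_PROG_MKDIR_P])dnl`, so the macro now requires itself and shadows autoconf's own `AC_PROG_MKDIR_P`. The gl/m4/gnulib-common.m4 hunk creates the same self-reference with `AC_DEFUN_ONCE([AC_PROG_MKDIR_P], [AC_REQUIRE([AC_PROG_MKDIR_P])`, although that branch is marked as the autoconf < 2.60 fallback. Since the spec runs `autoreconf -if`, aclocal.m4 is presumably regenerated and the two aclocal.m4 hunks have no lasting effect; dropping them and renaming only the callers (m4/po.m4) would be cleaner. The macro body continues outside the hunk.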
Index: gnutls-3.0.20/gl/m4/gnulib-common.m4
===================================================================
--- gnutls-3.0.20.orig/gl/m4/gnulib-common.m4   2012-06-05 19:07:51.000000000 
+0200
+++ gnutls-3.0.20/gl/m4/gnulib-common.m4        2012-07-01 21:53:42.821893323 
+0200
@@ -301,7 +301,7 @@ m4_ifdef([AC_PROG_MKDIR_P], [
     AC_SUBST([MKDIR_P])])], [
   dnl For autoconf < 2.60: Backport of AC_PROG_MKDIR_P.
   AC_DEFUN_ONCE([AC_PROG_MKDIR_P],
-    [AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+    [AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
      MKDIR_P='$(mkdir_p)'
      AC_SUBST([MKDIR_P])])])
 
Index: gnutls-3.0.20/m4/po.m4
===================================================================
--- gnutls-3.0.20.orig/m4/po.m4 2011-11-08 22:07:12.000000000 +0100
+++ gnutls-3.0.20/m4/po.m4      2012-07-01 21:53:42.822893277 +0200
@@ -24,7 +24,7 @@ AC_DEFUN([AM_PO_SUBDIRS],
 [
   AC_REQUIRE([AC_PROG_MAKE_SET])dnl
   AC_REQUIRE([AC_PROG_INSTALL])dnl
-  AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+  AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
   AC_REQUIRE([AM_NLS])dnl
 
   dnl Release version of the gettext macros. This is used to ensure that
++++++ baselibs.conf ++++++
libgnutls28
  obsoletes "gnutls-<targettype>"
libgnutls-devel
  requires -libgnutls-<targettype>
  requires "libgnutls28-<targettype> = <version>"
++++++ gnutls-3.0.26-skip-test-fwrite.patch ++++++
Index: gl/tests/test-fwrite.c
===================================================================
--- gl/tests/test-fwrite.c.orig 2012-04-12 21:05:11.000000000 +0100
+++ gl/tests/test-fwrite.c      2012-11-23 22:51:17.000000000 +0000
@@ -32,6 +32,8 @@ SIGNATURE_CHECK (fwrite, size_t, (const
 int
 main (int argc, char **argv)
 {
+  // skip test-fwrite
+  return 77;
   const char *filename = "test-fwrite.txt";
 
   /* We don't have an fwrite() function that installs an invalid parameter
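Review bot: The added `return 77;` at the top of main() skips the test unconditionally on every platform and turns the rest of the body into dead code, with declarations now following a statement. The comment added in the second hunk records why: fwrite() on a stream whose descriptor was already closed returned 5 instead of 0 with EBADF. If that observation is accurate, it is a difference in how write errors are reported, and it should be tracked instead of silently skipped. Put the reason and a bug reference on the skip itself, e.g. `/* skipped: fwrite() on a closed fd reports success on openSUSE Factory, see bnc#<bug-id> */`. main() continues outside the hunk.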
@@ -50,6 +52,7 @@ main (int argc, char **argv)
     setvbuf (fp, NULL, _IONBF, 0);
     ASSERT (close (fileno (fp)) == 0);
     errno = 0;
+    // this fwrite returns 5 == sizeof (buf) in openSUSE Factory
     ASSERT (fwrite (buf, 1, sizeof (buf), fp) == 0);
     ASSERT (errno == EBADF);
     ASSERT (ferror (fp));
++++++ gnutls-implement-trust-store-dir.diff ++++++
>From a6cef9220ae251e3b8f8d663c5fa7f888e3176d8 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <[email protected]>
Date: Tue, 8 May 2012 15:47:02 +0200
Subject: [PATCH gnutls] implement trust store dir

(since updated as some parts were introduced upstream)

---
 configure.ac      |   18 ++++++++++++-
 lib/gnutls_x509.c |   74 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 90 insertions(+), 2 deletions(-)

Index: configure.ac
===================================================================
--- configure.ac.orig   2012-11-08 23:05:32.000000000 +0000
+++ configure.ac        2012-11-16 23:18:51.000000000 +0000
@@ -301,9 +301,11 @@ AC_ARG_WITH([default-crl-file],
   [AS_HELP_STRING([--with-default-crl-file=FILE],
     [use the given CRL file as default])])
 
-if test "x$with_default_trust_store_pkcs11" = x -a 
"x$with_default_trust_store_file" = x; then
+if test "x$with_default_trust_store_pkcs11" = x -a 
"x$with_default_trust_store_file" = x \
+        -a "x$with_default_trust_store_dir" = x; then
   # auto detect 
http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
   for i in \
+    /etc/ssl/certs \
     /etc/ssl/certs/ca-certificates.crt \
     /etc/pki/tls/cert.pem \
     /usr/local/share/certs/ca-root-nss.crt \
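Review bot: `/etc/ssl/certs` is a directory, but it is added to a candidate list whose other visible entries are all bundle files, so the loop body (outside this hunk) presumably stores the first match as the trust store file. If so, auto-detection on a system with that directory would select it as a file and never set `with_default_trust_store_dir`. A separate probe such as `if test -d /etc/ssl/certs; then with_default_trust_store_dir=/etc/ssl/certs; fi` would keep the two kinds apart. No `AC_ARG_WITH([default-trust-store-dir], ...)` is visible in these hunks either; if it is not declared elsewhere, the option works only as an undeclared `--with-*` switch and is missing from `./configure --help`.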
@@ -321,6 +323,11 @@ if test "x$with_default_trust_store_file
     ["$with_default_trust_store_file"], [use the given file default trust 
store])
 fi
 
+if test "x$with_default_trust_store_dir" != x; then
+  AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
+    ["$with_default_trust_store_dir"], [use the given directory default trust 
store])
+fi
+
 if test "x$with_default_crl_file" != x; then
   AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
     ["$with_default_crl_file"], [use the given CRL file])
@@ -562,6 +569,7 @@ if features are disabled)
 
   Trust store pkcs: $with_default_trust_store_pkcs11
   Trust store file: $with_default_trust_store_file
+  Trust store dir:  $with_default_trust_store_dir
   CRL file: $with_default_crl_file
 ])
 
Index: lib/gnutls_x509.c
===================================================================
--- lib/gnutls_x509.c.orig      2012-09-22 01:01:26.000000000 +0100
+++ lib/gnutls_x509.c   2012-11-16 23:16:31.000000000 +0000
@@ -36,6 +36,7 @@
 #include <gnutls_pk.h>
 #include <gnutls_str.h>
 #include <debug.h>
+#include <dirent.h>
 #include <x509_b64.h>
 #include <gnutls_x509.h>
 #include "x509/common.h"
@@ -1694,6 +1695,72 @@ set_x509_system_trust_file (gnutls_certi
 }
 #endif
 
+#ifdef DEFAULT_TRUST_STORE_DIR
+static int
+_gnutls_certificate_set_x509_system_trust_dir 
(gnutls_certificate_credentials_t cred)
+{
+  DIR* dir;
+  struct dirent* buf, *de;
+  int ret, r = 0;
+  gnutls_datum_t cas;
+  size_t size;
+  char cafile[PATH_MAX];
+
+  dir = opendir(DEFAULT_TRUST_STORE_DIR);
+  if (dir == NULL)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_FILE_ERROR;
+    }
+
+  buf = alloca(offsetof(struct dirent, d_name) + 
pathconf(DEFAULT_TRUST_STORE_DIR, _PC_NAME_MAX) + 1);
+
+  while (1)
+    {
+      if (readdir_r(dir, buf, &de))
+       {
+         gnutls_assert();
+         break;
+       }
+      if (de == NULL)
+       {
+         break;
+       }
+      if (strlen(de->d_name) < 4 || strcmp(de->d_name+strlen(de->d_name)-4, 
".pem"))
+       {
+         continue;
+       }
+
+      strcpy(cafile, DEFAULT_TRUST_STORE_DIR "/");
+      strncat(cafile, de->d_name, sizeof(cafile)-strlen(cafile)-1);
+      cas.data = (void*)read_binary_file (cafile, &size);
+      if (cas.data == NULL)
+       {
+         gnutls_assert ();
+         continue;
+       }
+
+      cas.size = size;
+
+      ret = gnutls_certificate_set_x509_trust_mem(cred, &cas, 
GNUTLS_X509_FMT_PEM);
+
+      free (cas.data);
+
+      if (ret < 0)
+       {
+         gnutls_assert ();
+       }
+      else
+       {
+         r += ret;
+       }
+    }
+  closedir(dir);
+
+  return r;
+}
+#endif
+
 /**
  * gnutls_certificate_set_x509_system_trust:
  * @cred: is a #gnutls_certificate_credentials_t structure.
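Review bot: The buffer passed to `readdir_r()` is sized from `pathconf(DEFAULT_TRUST_STORE_DIR, _PC_NAME_MAX)` without checking the result. `pathconf()` returns -1 on error or when the limit is indeterminate, which leaves the `alloca()` block with no room for `d_name`, so `readdir_r()` can write past it on the stack. The path is then built with `strcpy()`/`strncat()`, which silently truncates a long entry name, so a path other than the directory entry may be opened and loaded as a CA file. Because `dir` is private to this call, plain `readdir()` plus a checked `snprintf()` avoids both, as sketched below. Separately, the caller in the last hunk only adds `ret > 0`, so a failed `opendir()` (`GNUTLS_E_FILE_ERROR`) or a mid-scan `readdir_r()` failure shows up as a smaller count and not as an error; if that best-effort behaviour is intended, a comment should say so.

```c
static int
_gnutls_certificate_set_x509_system_trust_dir (gnutls_certificate_credentials_t cred)
{
  DIR *dir;
  struct dirent *de;
  /* … unchanged: ret, r, cas, size, cafile declarations; opendir() and its error return … */

  /* dir is used only by this call, so readdir() needs no caller-sized buffer */
  while ((de = readdir (dir)) != NULL)
    {
      size_t len = strlen (de->d_name);
      int n;

      if (len < 4 || strcmp (de->d_name + len - 4, ".pem") != 0)
        continue;

      n = snprintf (cafile, sizeof (cafile), "%s/%s",
                    DEFAULT_TRUST_STORE_DIR, de->d_name);
      if (n < 0 || (size_t) n >= sizeof (cafile))
        {
          /* skip the entry rather than open a truncated path */
          gnutls_assert ();
          continue;
        }

      /* … unchanged: read_binary_file, gnutls_certificate_set_x509_trust_mem, free, r += ret … */
    }
  /* … unchanged: closedir, return r … */
}
```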
@@ -1712,7 +1779,7 @@ set_x509_system_trust_file (gnutls_certi
 int
 gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t 
cred)
 {
-#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && 
!defined(DEFAULT_TRUST_STORE_FILE)
+#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && 
!defined(DEFAULT_TRUST_STORE_FILE) && !defined(DEFAULT_TRUST_STORE_DIR)
   int r = GNUTLS_E_UNIMPLEMENTED_FEATURE;
 #else
   int ret, r = 0;
@@ -1730,6 +1797,11 @@ gnutls_certificate_set_x509_system_trust
     r += ret;
 #endif
 
+#ifdef DEFAULT_TRUST_STORE_DIR
+  ret = _gnutls_certificate_set_x509_system_trust_dir(cred);
+  if (ret > 0)
+    r += ret;
+#endif
   return r;
 }
 