Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2013-07-29 17:41:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2013-07-09 20:49:55.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2013-07-29 17:41:36.000000000 +0200 @@ -1,0 +2,7 @@ +Fri Jul 26 12:45:45 UTC 2013 - [email protected] + +- revert to using certificate directory again until gnutls + understands the trust bits in pkcs11. Otherwise it would use + blacklisted certificates. + +------------------------------------------------------------------- New: ---- gnutls-implement-trust-store-dir.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.WnXRtd/_old 2013-07-29 17:41:36.000000000 +0200 +++ /var/tmp/diff_new_pack.WnXRtd/_new 2013-07-29 17:41:36.000000000 +0200 @@ -46,6 +46,7 @@ # Disable elliptic curves for reasons. - meissner&cfarrell Patch5: gnutls-3.2.1-noecc.patch +Patch6: gnutls-implement-trust-store-dir.diff BuildRequires: automake BuildRequires: gcc-c++ @@ -147,6 +148,7 @@ %patch3 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build autoreconf -if @@ -158,7 +160,7 @@ --with-pic \ --disable-rpath \ --disable-silent-rules \ - --with-default-trust-store-pkcs11=pkcs11: \ + --with-default-trust-store-dir=/var/lib/ca-certificates/pem \ --disable-ecdhe \ --with-sysroot=/%{?_sysroot} %__make %{?_smp_mflags} ++++++ gnutls-implement-trust-store-dir.diff ++++++ Index: gnutls-3.2.1/configure.ac =================================================================== --- gnutls-3.2.1.orig/configure.ac +++ gnutls-3.2.1/configure.ac 
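Review bot: In gnutls.spec the new `Patch6:` line has no comment, unlike `Patch5:` just above it, so the reason for switching from `--with-default-trust-store-pkcs11=pkcs11:` to `--with-default-trust-store-dir=/var/lib/ca-certificates/pem` lives only in gnutls.changes. A line such as `# Temporary: load trust anchors from the PEM directory until gnutls honours PKCS#11 trust bits` above `Patch6:` would tell the next packager when the patch and the flag can be dropped. The patched loader adds every regular file in that directory as a trust anchor, so it is also worth confirming that the directory is writable by root only and holds only certificates meant to be trusted, since avoiding blacklisted certificates is the stated goal.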
@@ -398,6 +398,25 @@ if test "$with_default_trust_store_file" with_default_trust_store_file="" fi +AC_ARG_WITH([default-trust-store-dir], + [AS_HELP_STRING([--with-default-trust-store-dir=DIRECTORY], + [use the given directory as default trust store])], with_default_trust_store_dir="$withval", + [if test "$build" = "$host" ; then + for i in \ + /etc/ssl/certs/ + do + if test -e $i ; then + with_default_trust_store_dir="$i" + break + fi + done + fi] +) + +if test "$with_default_trust_store_dir" = "no";then + with_default_trust_store_dir="" +fi + AC_ARG_WITH([default-crl-file], [AS_HELP_STRING([--with-default-crl-file=FILE], [use the given CRL file as default])]) @@ -407,6 +426,11 @@ if test "x$with_default_trust_store_file ["$with_default_trust_store_file"], [use the given file default trust store]) fi +if test "x$with_default_trust_store_dir" != x; then + AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR], + ["$with_default_trust_store_dir"], [use the given directory default trust store]) +fi + if test "x$with_default_crl_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], ["$with_default_crl_file"], [use the given CRL file]) @@ -683,6 +707,7 @@ AC_MSG_NOTICE([System files: Trust store pkcs: $with_default_trust_store_pkcs11 Trust store file: $with_default_trust_store_file + Trust store dir: $with_default_trust_store_dir CRL file: $with_default_crl_file DNSSEC root key file: $unbound_root_key_file ]) Index: gnutls-3.2.1/lib/system.c =================================================================== --- gnutls-3.2.1.orig/lib/system.c +++ gnutls-3.2.1/lib/system.c 
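Review bot: The autodetection loop in the new `AC_ARG_WITH([default-trust-store-dir]` block uses `if test -e $i ; then`, which accepts any existing path and leaves `$i` unquoted; for a directory option the matching check is `if test -d "$i" ; then`. If the trust store file is autodetected in the same way (its detection code is not visible in this hunk), a default build can end up with both `DEFAULT_TRUST_STORE_FILE` and `DEFAULT_TRUST_STORE_DIR` defined, and add_system_trust would then load from both, so a comment stating the intended precedence would help. The help string `use the given directory as default trust store` could also say that every regular file in the directory is loaded as PEM.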
@@ -385,7 +385,45 @@ const char *home_dir = getenv ("HOME"); return 0; } -#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) +/* Used by both Android code and by Linux TRUST_STORE_DIR /etc/ssl/certs code */ +#if defined(DEFAULT_TRUST_STORE_DIR) || defined(ANDROID) || defined(__ANDROID__) +# include <dirent.h> +# include <unistd.h> +static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, + unsigned int tl_flags, unsigned int tl_vflags, unsigned type) +{ +DIR * dirp; +struct dirent *d; +int ret; +int r = 0; +char path[GNUTLS_PATH_MAX]; + + dirp = opendir(dirname); + if (dirp != NULL) + { + do + { + d = readdir(dirp); + if (d != NULL && d->d_type == DT_REG) + { + snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name); + + ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags); + if (ret >= 0) + r += ret; + } + } + while(d != NULL); + closedir(dirp); + } + + return r; +} +#endif + + +#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) || defined(DEFAULT_TRUST_STORE_DIR) + static int add_system_trust(gnutls_x509_trust_list_t list, @@ -413,6 +451,12 @@ add_system_trust(gnutls_x509_trust_list_ r += ret; # endif +# ifdef DEFAULT_TRUST_STORE_DIR + ret = load_dir_certs(DEFAULT_TRUST_STORE_DIR, list, tl_flags, tl_vflags, GNUTLS_X509_FMT_PEM); + if (ret > 0) + r += ret; +# endif + return r; } #elif defined(_WIN32) 
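Review bot: `load_dir_certs` only loads entries where `d->d_type == DT_REG`, so nothing is loaded on a filesystem that reports `DT_UNKNOWN` or from a directory made up of symlinks. The function still returns 0 in that case, and now that this helper backs the default trust store on Linux the result is an empty trust list with no diagnostic. The `snprintf` result is also unchecked, so an over-long name is truncated and a different path is handed to `gnutls_x509_trust_list_add_trust_file`. I would let `stat()` decide the file type and skip truncated paths, as sketched below; this needs `<sys/stat.h>` next to the `dirent.h` include. Whether symlinks are followed is a policy choice that deserves a sentence in the comment above the function.

```c
  while ((d = readdir(dirp)) != NULL)
    {
      struct stat st;
      int n = snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);

      if (n < 0 || (size_t) n >= sizeof(path))
        continue;   /* truncated: never open a path that was not built in full */

      /* d_type may be DT_UNKNOWN; stat() follows symlinks, lstat() would refuse them */
      if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        continue;

      /* ... unchanged: gnutls_x509_trust_list_add_trust_file() call and r += ret ... */
    }
```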
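Review bot: The new `DEFAULT_TRUST_STORE_DIR` branch in add_system_trust cannot observe a failure, because `load_dir_certs` returns 0 both when `opendir` fails and when every file is rejected, so `if (ret > 0)` only separates "some" from "none". In a build where the directory is the only configured store, a missing or unreadable directory silently yields zero trust anchors. Consider returning a negative error from `load_dir_certs` when `opendir` fails and reporting it here, and add a comment such as `/* every regular file in this directory becomes a trust anchor; it must be writable by root only */`. add_system_trust begins before this hunk, so how the other stores report errors is not visible.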
@@ -466,39 +510,6 @@ int add_system_trust(gnutls_x509_trust_l return r; } #elif defined(ANDROID) || defined(__ANDROID__) -# include <dirent.h> -# include <unistd.h> -static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, - unsigned int tl_flags, unsigned int tl_vflags, unsigned type) -{ -DIR * dirp; -struct dirent *d; -int ret; -int r = 0; -char path[GNUTLS_PATH_MAX]; - - dirp = opendir(dirname); - if (dirp != NULL) - { - do - { - d = readdir(dirp); - if (d != NULL && d->d_type == DT_REG) - { - snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name); - - ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags); - if (ret >= 0) - r += ret; - } - } - while(d != NULL); - closedir(dirp); - } - - return r; -} - static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type) { DIR * dirp; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
