I have not tested this other than that it compiles, but it resolves some compiler warnings.
/Simon
>From 827fbbe460b47de30239bc3e9cc4cd295ef5fb87 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <[email protected]>
Date: Fri, 23 Mar 2012 12:15:42 +0100
Subject: [PATCH] Update GnuTLS priority handling. Improve error handling.
* tls.h (mu_tls_module_config): Add priority_string.
* libmu_cfg/tls.c (tls_settings): Initialize priority_string. (mu_tls_param): Add priority-string.
* tls.c (prepare_client_session): Use modern GnuTLS priority string API. Check return codes.
---
 include/mailutils/tls.h | 2 +
 libmu_auth/tls.c | 52 ++++++++++++++++++++++++++++++----------------
 libmu_cfg/tls.c | 6 ++++-
 3 files changed, 41 insertions(+), 19 deletions(-)
diff --git a/include/mailutils/tls.h b/include/mailutils/tls.h
index 054d1e4..7e0fd53 100644
--- a/include/mailutils/tls.h
+++ b/include/mailutils/tls.h
@@ -37,6 +37,8 @@ struct mu_tls_module_config
 char *ssl_cafile;
 int ssl_cafile_safety_checks;
+
+ char *priority_string;
 };
 extern int mu_tls_module_init (enum mu_gocs_op, void *);
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index dd60560..11b9903 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
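Review bot: The new `priority_string` member of `struct mu_tls_module_config` is added without a comment, although it is a security-relevant knob: its contents are handed verbatim to `gnutls_priority_set_direct` in libmu_auth/tls.c and replace the library's default cipher, key-exchange and protocol selection. A one-line comment stating the contract would help the next maintainer, e.g. `char *priority_string;  /* GnuTLS priority string; NULL selects gnutls_set_default_priority () */`. The field is appended at the end of what appears to be an installed header's struct, which keeps the positional initializer in libmu_cfg/tls.c valid but changes the struct layout for anything built against the previous header; the struct definition itself begins before this hunk.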
@@ -426,24 +426,35 @@ static int
 prepare_client_session (mu_stream_t stream)
 {
 struct _mu_tls_stream *sp = (struct _mu_tls_stream *) stream;
- int rc;
 mu_transport_t transport[2];
- static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
- static int kx_priority[] = {GNUTLS_KX_RSA, 0};
- static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0};
- static int comp_priority[] = {GNUTLS_COMP_NULL, 0};
- static int mac_priority[] = {GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
-
- gnutls_init (&sp->session, GNUTLS_CLIENT);
- gnutls_protocol_set_priority (sp->session, protocol_priority);
- gnutls_cipher_set_priority (sp->session, cipher_priority);
- gnutls_compression_set_priority (sp->session, comp_priority);
- gnutls_kx_set_priority (sp->session, kx_priority);
- gnutls_mac_set_priority (sp->session, mac_priority);
-
- gnutls_certificate_allocate_credentials (&x509_cred);
+ int rc;
+
+ rc = gnutls_init (&sp->session, GNUTLS_CLIENT);
+ if (rc < 0)
+ {
+ sp->tls_err = rc;
+ return -1;
+ }
+
+ if (mu_tls_module_config.priority_string)
+ rc = gnutls_priority_set_direct (sp->session,
+ mu_tls_module_config.priority_string,
+ NULL);
+ else
+ rc = gnutls_set_default_priority (sp->session);
+ if (rc < 0)
+ {
+ sp->tls_err = rc;
+ return -1;
+ }
+
+ rc = gnutls_certificate_allocate_credentials (&x509_cred);
+ if (rc < 0)
+ {
+ sp->tls_err = rc;
+ return -1;
+ }
+
 if (mu_tls_module_config.ssl_cafile)
 {
 rc = gnutls_certificate_set_x509_trust_file (x509_cred,
@@ -456,7 +467,12 @@ prepare_client_session (mu_stream_t stream)
 }
 }
- gnutls_credentials_set (sp->session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ rc = gnutls_credentials_set (sp->session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ if (rc < 0)
+ {
+ sp->tls_err = rc;
+ return -1;
+ }
 mu_stream_ioctl (stream, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, transport);
 gnutls_transport_set_ptr2 (sp->session,
diff --git a/libmu_cfg/tls.c b/libmu_cfg/tls.c
index 94edcb8..b85b3de 100644
--- a/libmu_cfg/tls.c
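Review bot: The new early returns that follow a successful `gnutls_init` (the priority-setting failure and the credentials-allocation failure) set `sp->tls_err` and return -1 while `sp->session` stays initialised, so every failed connection attempt leaks a GnuTLS session unless the caller deinitialises it on -1, which is not visible from this hunk. Adding `gnutls_deinit (sp->session); sp->session = NULL;` before each of those `return -1;` lines, or routing them through one `fail:` label, would close that. Separately, `gnutls_priority_set_direct` is called with a NULL err_pos, so a typo in the admin-supplied `priority-string` surfaces only as a bare negative GnuTLS code in `sp->tls_err`; declaring `const char *err_pos = NULL;`, passing `&err_pos`, and including it in whatever diagnostic the error path emits would point at the offending keyword instead. `prepare_client_session` continues past the end of this hunk.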
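Review bot: On the new failure branch after `gnutls_credentials_set`, the credentials allocated earlier in this function by `gnutls_certificate_allocate_credentials` (together with any trust file loaded into them) are not released and the session is not deinitialised, so the -1 path leaks both. `x509_cred` is not declared in this function, so it appears to be file-scope; if so, the next call reallocates over the still-live pointer rather than reusing it, which turns this into a leak per failed connection. Consider `gnutls_certificate_free_credentials (x509_cred); x509_cred = NULL;` together with `gnutls_deinit (sp->session);` before `return -1;`, mirroring whatever cleanup the trust-file error path between the two hunks performs. The enclosing function starts before this hunk and continues after it.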
+++ b/libmu_cfg/tls.c
@@ -44,7 +44,8 @@ static struct mu_tls_module_config tls_settings = {
 SSL_KEY_FILE_CHECKS, /* Stringent safety checks for keys */
 NULL, /* CA file */
- SSL_CA_FILE_CHECKS
+ SSL_CA_FILE_CHECKS,
+ NULL /* GnuTLS Priority string */
 };
 static int
@@ -114,6 +115,9 @@ static struct mu_cfg_param mu_tls_param[] = {
 cb_safety_checks,
 N_("Configure safety checks for SSL certificate authority file. See above for a description of <arg>."),
 N_("arg: list") },
+ { "priority-string", mu_cfg_string, &tls_settings.priority_string, 0, NULL,
+ N_("Specify TLS priority string (by default \"DEFAULT\")."),
+ N_("string") },
 { NULL }
 };
--
1.7.2.5
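Review bot: The help text `N_("Specify TLS priority string (by default \"DEFAULT\").")` names a default that does not match the code: when `priority-string` is unset, libmu_auth/tls.c calls `gnutls_set_default_priority`, and "DEFAULT" does not appear to be a GnuTLS priority keyword at all (it is the OpenSSL cipher-list keyword), so an administrator may paste an OpenSSL cipher string here and get a connection-time failure. Something like `N_("Specify GnuTLS priority string (when unset, the GnuTLS default priority is used).")` would describe what actually happens. Note also that the parameter is registered as a plain `mu_cfg_string` with a NULL callback, unlike the neighbouring `cb_safety_checks` entry, so the value is not validated at configuration-parse time and a malformed string is only rejected when the first TLS session is prepared.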
