Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package glib-networking for openSUSE:Factory
checked in at 2021-05-06 22:51:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/glib-networking (Old)
and /work/SRC/openSUSE:Factory/.glib-networking.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glib-networking"
Thu May 6 22:51:42 2021 rev:74 rq:890129 version:2.68.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/glib-networking/glib-networking.changes
2021-04-12 12:37:53.573406119 +0200
+++
/work/SRC/openSUSE:Factory/.glib-networking.new.2988/glib-networking.changes
2021-05-06 22:51:48.466952284 +0200
@@ -1,0 +2,8 @@
+Fri Apr 30 12:51:46 UTC 2021 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Update to version 2.68.1:
+ + Fix threadsafety issue in certificate verification.
+ + Temporarily remove support for downloading missing intermediate
+ certificates with GnuTLS 3.7.
+
+-------------------------------------------------------------------
Old:
----
glib-networking-2.68.0.tar.xz
New:
----
glib-networking-2.68.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ glib-networking.spec ++++++
--- /var/tmp/diff_new_pack.6tR4Il/_old 2021-05-06 22:51:48.866950634 +0200
+++ /var/tmp/diff_new_pack.6tR4Il/_new 2021-05-06 22:51:48.870950618 +0200
@@ -18,7 +18,7 @@
%define gio_real_package %(rpm -q --qf '%%{name}' --whatprovides gio)
Name: glib-networking
-Version: 2.68.0
+Version: 2.68.1
Release: 0
Summary: Network-related GIO modules for glib
License: LGPL-2.1-or-later
++++++ glib-networking-2.68.0.tar.xz -> glib-networking-2.68.1.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/glib-networking-2.68.0/NEWS
new/glib-networking-2.68.1/NEWS
--- old/glib-networking-2.68.0/NEWS 2021-03-19 20:39:26.489555800 +0100
+++ new/glib-networking-2.68.1/NEWS 2021-04-22 20:43:22.243552700 +0200
@@ -1,3 +1,9 @@
+2.68.1 - April 22, 2021
+=======================
+
+ - Fix threadsafety issue in certificate verification (!148)
+ - Temporarily remove support for downloading missing intermediate
certificates with GnuTLS 3.7 (#160)
+
2.68.0 - March 19, 2021
=======================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/glib-networking-2.68.0/meson.build
new/glib-networking-2.68.1/meson.build
--- old/glib-networking-2.68.0/meson.build 2021-03-19 20:39:26.490556000
+0100
+++ new/glib-networking-2.68.1/meson.build 2021-04-22 20:43:22.243552700
+0200
@@ -1,6 +1,6 @@
project(
'glib-networking', 'c',
- version: '2.68.0',
+ version: '2.68.1',
license: 'LGPL2.1+',
meson_version: '>= 0.50.0',
default_options: ['c_std=c99']
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/glib-networking-2.68.0/po/ne.po
new/glib-networking-2.68.1/po/ne.po
--- old/glib-networking-2.68.0/po/ne.po 2021-03-19 20:39:26.497556200 +0100
+++ new/glib-networking-2.68.1/po/ne.po 2021-04-22 20:43:22.252553000 +0200
@@ -6,148 +6,363 @@
msgid ""
msgstr ""
"Project-Id-Version: Gnome Nepali Translation Project\n"
-"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?";
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2017-08-09 22:34+0000\n"
-"PO-Revision-Date: 2017-08-21 12:59+0545\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/";
+"issues\n"
+"POT-Creation-Date: 2020-12-04 17:58+0000\n"
+"PO-Revision-Date: 2021-04-20 21:33+0545\n"
+"Last-Translator: Pawan Chitrakar <chaut...@gmail.com>\n"
"Language-Team: Nepali Translation Team <chaut...@gmail.com>\n"
+"Language: ne\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 2.0.3\n"
-"Last-Translator: Pawan Chitrakar <chaut...@gmail.com>\n"
+"X-Generator: Poedit 2.4.2\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"Language: ne\n"
-#: proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
-msgstr "???????????????????????? ????????????????????? ?????????????????????
?????????????????????"
+msgstr "???????????????????????? ????????????????????? ?????????????????????
?????????????????????."
+
+#: tls/base/gtlsconnection-base.c:544 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "???????????? ???????????? ?????????"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:618
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS ?????????????????????????????? ??????????????? ???????????????
????????????????????? ???????????????????????????????????? ????????????
?????????????????????"
+
+#: tls/base/gtlsconnection-base.c:683 tls/base/gtlsconnection-base.c:1225
+msgid "Socket I/O timed out"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:851
+msgid "Server required TLS certificate"
+msgstr "??????????????? TLS ?????????????????????????????? ??????????????????"
+
+#: tls/base/gtlsconnection-base.c:1425
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:1484
+msgid "Peer does not support safe renegotiation"
+msgstr ""
-#: tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/base/gtlsconnection-base.c:1628 tls/gnutls/gtlsconnection-gnutls.c:428
+#: tls/openssl/gtlsconnection-openssl.c:189
+#: tls/openssl/gtlsconnection-openssl.c:648
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "?????????????????? TLS ??????????????????????????????"
+
+#: tls/base/gtlsconnection-base.c:2093
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "????????????????????? ??????????????? ????????? ?????????????????????
???????????????"
+
+#: tls/base/gtlsconnection-base.c:2245
+#, c-format
+msgid "Send flags are not supported"
+msgstr "????????????????????? ??????????????? ????????? ?????????????????????
???????????????"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/openssl/gtlscertificate-openssl.c:170
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER ?????????????????????????????? ??????????????? ????????????
????????????:% s"
-#: tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:215
+#: tls/openssl/gtlscertificate-openssl.c:190
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM ?????????????????????????????? ??????????????? ????????????
????????????:% s"
-#: tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:238
+#: tls/openssl/gtlscertificate-openssl.c:209
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER ???????????? ?????????????????? ??????????????? ????????????
????????????:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:228
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr ""
+msgstr "PEM ??????????????????????????? ?????????????????? ??????
??????????????? ???????????? ????????????: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:288
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "PKCS #11 ?????????????????????????????? URI ???????????? ????????????
????????????: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:330
+#: tls/openssl/gtlscertificate-openssl.c:263
msgid "No certificate data provided"
msgstr "?????????????????????????????? ???????????? ??????????????????
?????????"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:375
-msgid "Server required TLS certificate"
-msgstr "??????????????? TLS ?????????????????????????????? ?????????????????? "
-
-#: tls/gnutls/gtlsconnection-gnutls.c:310
+#: tls/gnutls/gtlsconnection-gnutls.c:143
+#: tls/gnutls/gtlsconnection-gnutls.c:161
+#: tls/openssl/gtlsclientconnection-openssl.c:428
+#: tls/openssl/gtlsserverconnection-openssl.c:480
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "TLS ???????????? ????????????????????? ???????????? ????????????: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:572
-msgid "Connection is closed"
-msgstr "???????????? ???????????? ?????????"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:645
-#: tls/gnutls/gtlsconnection-gnutls.c:1528
-msgid "Operation would block"
-msgstr "????????????????????? ???????????? ????????????"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:792
-#: tls/gnutls/gtlsconnection-gnutls.c:831
-msgid "Peer failed to perform TLS handshake"
-msgstr "???????????? TLS ?????????????????????????????? ????????????
???????????? ?????????"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:810
-msgid "Peer requested illegal TLS rehandshake"
-msgstr ""
+#: tls/gnutls/gtlsconnection-gnutls.c:372
+#: tls/gnutls/gtlsconnection-gnutls.c:383
+#: tls/gnutls/gtlsconnection-gnutls.c:397
+#: tls/openssl/gtlsconnection-openssl.c:156
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "?????????????????? TLS ??????????????????????????????
????????????????????? ???????????? ???????????? ?????????: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:837
+#: tls/gnutls/gtlsconnection-gnutls.c:405
msgid "TLS connection closed unexpectedly"
msgstr "TLS ???????????? ????????????????????? ???????????? ?????????"
-#: tls/gnutls/gtlsconnection-gnutls.c:847
+#: tls/gnutls/gtlsconnection-gnutls.c:420
+#: tls/openssl/gtlsconnection-openssl.c:181
msgid "TLS connection peer did not send a certificate"
msgstr "???????????? TLS ?????????????????? ??????????????????????????????
?????????????????????"
-#: tls/gnutls/gtlsconnection-gnutls.c:853
+#: tls/gnutls/gtlsconnection-gnutls.c:436
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr ""
-#: tls/gnutls/gtlsconnection-gnutls.c:1241
-#: tls/gnutls/gtlsconnection-gnutls.c:1274
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+msgid "Protocol version downgrade attack detected"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:455
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+msgstr[1] ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:464
+msgid "The operation timed out"
+msgstr "????????????????????? ????????? ?????????????????? ?????????"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:796
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "TLS ?????????????????????????????? ??????????????? ??????????????????:
%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1284
-msgid "Server did not return a valid TLS certificate"
-msgstr "????????????????????? ????????? TLS ??????????????????????????????
????????????????????? ????????????"
+#: tls/gnutls/gtlsconnection-gnutls.c:899
+#: tls/openssl/gtlsconnection-openssl.c:427
+#: tls/openssl/gtlsconnection-openssl.c:641
+msgid "Error performing TLS handshake"
+msgstr "TLS ?????????????????????????????? ?????????????????????
??????????????? ??????????????????"
-#: tls/gnutls/gtlsconnection-gnutls.c:1354
-msgid "Unacceptable TLS certificate"
-msgstr "?????????????????? TLS ??????????????????????????????"
+#: tls/gnutls/gtlsconnection-gnutls.c:957
+#, c-format
+msgid "Channel binding type tls-unique is not implemented in the TLS library"
+msgstr ""
+"?????????????????? ???????????????????????? ??????????????????
TLS-???????????????????????? ?????????????????? ????????????????????????
???????????? ???????????? tls-unique TLS "
+"????????????????????????????????? ?????????????????????????????????
???????????? ?????????"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:961
+#, c-format
+msgid "Channel binding data for tls-unique is not yet available"
+msgstr "tls-unique ?????? ???????????? ??????????????????
???????????????????????? ???????????? ??????????????? ????????????
?????????????????? ?????????"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:988
+#: tls/gnutls/gtlsconnection-gnutls.c:1000
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "?????????????????? X.????????? ??????????????????????????????
?????????????????? ?????????"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1013
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 ?????????????????????????????? ?????????????????? ?????????
?????? ?????????????????? ????????????????????? ???: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1562
+#: tls/gnutls/gtlsconnection-gnutls.c:1024
+#: tls/openssl/gtlsconnection-openssl.c:520
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "TLS ????????????????????? ???????????? ???????????????
??????????????????: %s"
+msgid "Unable to obtain certificate signature algorithm"
+msgstr ""
-#: tls/gnutls/gtlsconnection-gnutls.c:1591
+#: tls/gnutls/gtlsconnection-gnutls.c:1040
+#: tls/openssl/gtlsconnection-openssl.c:540
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "TLS ?????????????????? ???????????? ??????????????????
??????????????????: %s"
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1126
+#: tls/openssl/gtlsconnection-openssl.c:620
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1147
+#: tls/gnutls/gtlsconnection-gnutls.c:1207
+#: tls/openssl/gtlsconnection-openssl.c:752
+msgid "Error reading data from TLS socket"
+msgstr "TLS ????????????????????? ???????????? ???????????????
??????????????????"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:1229
+#: tls/gnutls/gtlsconnection-gnutls.c:1292
+#: tls/openssl/gtlsconnection-openssl.c:796
+msgid "Error writing data to TLS socket"
+msgstr "TLS ?????????????????? ???????????? ??????????????????
??????????????????"
-#: tls/gnutls/gtlsconnection-gnutls.c:1655
+#: tls/gnutls/gtlsconnection-gnutls.c:1262
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+msgstr[1] ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1264
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(?????????????????? %u ???????????? ??????)"
+msgstr[1] "(?????????????????? %u ???????????? ??????)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1311
#, c-format
msgid "Error performing TLS close: %s"
msgstr "TLS ???????????? ??????????????? ??????????????????: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:107
+#: tls/gnutls/gtlsdatabase-gnutls.c:575
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:580 tls/openssl/gtlsdatabase-openssl.c:187
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:170
+#: tls/openssl/gtlsserverconnection-openssl.c:226
msgid "Certificate has no private key"
msgstr "???????????????????????????????????? ???????????? ??????????????????
?????????"
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "???????????? ???????????? ????????? ?????? ?????????
???????????????????????? ???????????? ?????????????????? ???????????? ?????????"
+#: tls/openssl/gtlsclientconnection-openssl.c:308
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "TLS ???????????? ???????????? ????????? ???????????? ????????????: %s"
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr "???????????? ????????? ?????????????????? ????????? ???, ???
??????????????? ?????????????????? ????????? ???????????? ????????????
?????????????????????"
+#: tls/openssl/gtlsclientconnection-openssl.c:324
+#: tls/openssl/gtlsserverconnection-openssl.c:360
+#, c-format
+msgid "Could not set MAX protocol to %ld: %s"
+msgstr "%ld ?????? MAX ???????????????????????? ????????? ????????????
????????????: %s"
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "???????????????????????? ????????? ???????????????"
+#: tls/openssl/gtlsclientconnection-openssl.c:377
+#: tls/openssl/gtlsserverconnection-openssl.c:413
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS ??????????????????????????? ????????????????????? ????????????
????????????: %s"
-#: tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "?????????????????????"
+#: tls/openssl/gtlsconnection-openssl.c:197
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "???????????? TLS ?????????????????????????????? ??????????????????"
-#: tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
+#: tls/openssl/gtlsconnection-openssl.c:205
+msgid "Digest too big for RSA key"
msgstr ""
-#: tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "????????????????????????"
+#: tls/openssl/gtlsconnection-openssl.c:213
+msgid "Secure renegotiation is disabled"
+msgstr "???????????????????????? ?????????: ?????????????????? ???????????????
????????????????????? ???"
-#: tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
+#: tls/openssl/gtlsconnection-openssl.c:234
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: ???????????? ????????????????????? ?????????"
+
+#: tls/openssl/gtlsconnection-openssl.c:489
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "?????????????????? ???????????????????????? ???????????? tls-unique
?????????????????? ?????????"
+
+#: tls/openssl/gtlsconnection-openssl.c:512
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "?????????????????? X.????????? ??????????????????????????????
?????????????????? ?????????"
+
+#: tls/openssl/gtlsconnection-openssl.c:558
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:589
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:592
+#, c-format
+msgid "Unexpected error while exporting keying data"
msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:833
+msgid "Error performing TLS close"
+msgstr "TLS ???????????? ????????????????????? ???????????????
??????????????????"
+
+#: tls/openssl/gtlsdatabase-openssl.c:227
+msgid "Could not create CA store"
+msgstr "CA ????????????????????? ????????????????????? ????????????
????????????"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:177
+#: tls/openssl/gtlsserverconnection-openssl.c:245
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "???????????????????????????????????? ???????????????????????????
???????????????????????? ?????????????????? ???: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:186
+#: tls/openssl/gtlsserverconnection-openssl.c:237
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "???????????????????????????????????? ?????????????????? ???: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "????????????????????? ???????????? ????????????"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "????????????????????? ????????? TLS ??????????????????????????????
????????????????????? ????????????"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "???????????? ???????????? ????????? ?????? ?????????
???????????????????????? ???????????? ?????????????????? ???????????? ?????????"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "???????????? ????????? ?????????????????? ????????? ???, ???
??????????????? ?????????????????? ????????? ???????????? ????????????
?????????????????????"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "???????????????????????? ????????? ???????????????"
+
+#~ msgid "Module"
+#~ msgstr "?????????????????????"
+
+#~ msgid "Slot ID"
+#~ msgstr "????????????????????????"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/glib-networking-2.68.0/po/nl.po
new/glib-networking-2.68.1/po/nl.po
--- old/glib-networking-2.68.0/po/nl.po 2021-03-19 20:39:26.497556200 +0100
+++ new/glib-networking-2.68.1/po/nl.po 2021-04-22 20:43:22.252553000 +0200
@@ -3,7 +3,7 @@
#
# Wouter Bolsterlee <wbols...@gnome.org>, 2011???2013
# Rachid <rachi...@ubuntu.com>, 2012.
-# Nathan Follens <n...@unseen.is>, 2017, 2019.
+# Nathan Follens <n...@unseen.is>, 2017, 2019, 2021.
#
# Peer - andere kant van de verbinding (heel vrij vertaald)
msgid ""
@@ -11,22 +11,22 @@
"Project-Id-Version: gconf\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/";
"issues\n"
-"POT-Creation-Date: 2019-09-21 08:32+0000\n"
-"PO-Revision-Date: 2019-09-25 12:51+0200\n"
+"POT-Creation-Date: 2020-12-04 17:58+0000\n"
+"PO-Revision-Date: 2021-04-01 20:46+0200\n"
"Last-Translator: Nathan Follens <n...@unseen.is>\n"
-"Language-Team: Dutch <vertal...@vrijschrift.org>\n"
+"Language-Team: Dutch <gnome-nl-l...@gnome.org>\n"
"Language: nl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.2.3\n"
+"X-Generator: Poedit 2.4.2\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Interne fout in proxy-resolver."
-#: tls/base/gtlsconnection-base.c:490 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsconnection-base.c:544 tls/base/gtlsinputstream.c:78
#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
@@ -39,51 +39,57 @@
#. * the handshake (forever, if there's no timeout). Even a close
#. * op would deadlock here.
#.
-#: tls/base/gtlsconnection-base.c:560
+#: tls/base/gtlsconnection-base.c:618
msgid "Cannot perform blocking operation during TLS handshake"
msgstr "Kan blokkeerbewerking tijdens TLS-handshake niet uitvoeren"
-#: tls/base/gtlsconnection-base.c:623 tls/base/gtlsconnection-base.c:1161
+#: tls/base/gtlsconnection-base.c:683 tls/base/gtlsconnection-base.c:1225
msgid "Socket I/O timed out"
msgstr "Time-out bij socket-I/O"
-#: tls/base/gtlsconnection-base.c:787
+#: tls/base/gtlsconnection-base.c:851
msgid "Server required TLS certificate"
msgstr "Server vereiste een TLS-certificaat"
-#: tls/base/gtlsconnection-base.c:1383
+#: tls/base/gtlsconnection-base.c:1425
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Handshake is niet voltooid, nog geen kanaalbindingsinformatie"
+
+#: tls/base/gtlsconnection-base.c:1484
msgid "Peer does not support safe renegotiation"
msgstr "Peer ondersteunt geen veilige heronderhandeling"
-#: tls/base/gtlsconnection-base.c:1511 tls/gnutls/gtlsconnection-gnutls.c:419
-#: tls/openssl/gtlsconnection-openssl.c:184
+#: tls/base/gtlsconnection-base.c:1628 tls/gnutls/gtlsconnection-gnutls.c:428
+#: tls/openssl/gtlsconnection-openssl.c:189
+#: tls/openssl/gtlsconnection-openssl.c:648
#, c-format
msgid "Unacceptable TLS certificate"
msgstr "Onacceptabel TLS-certificaat"
-#: tls/base/gtlsconnection-base.c:1932
+#: tls/base/gtlsconnection-base.c:2093
#, c-format
msgid "Receive flags are not supported"
msgstr "Ontvangstvlaggen worden niet ondersteund"
-#: tls/base/gtlsconnection-base.c:2076
+#: tls/base/gtlsconnection-base.c:2245
#, c-format
msgid "Send flags are not supported"
msgstr "Verstuurvlaggen worden niet ondersteund"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/gnutls/gtlscertificate-gnutls.c:194
#: tls/openssl/gtlscertificate-openssl.c:170
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Kon DER-certificaat niet parseren: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/gnutls/gtlscertificate-gnutls.c:215
#: tls/openssl/gtlscertificate-openssl.c:190
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Kon PEM-certificaat niet parseren: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/gnutls/gtlscertificate-gnutls.c:238
#: tls/openssl/gtlscertificate-openssl.c:209
#, c-format
msgid "Could not parse DER private key: %s"
@@ -95,104 +101,148 @@
msgid "Could not parse PEM private key: %s"
msgstr "Kon PEM-priv??sleutel niet parseren: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/gnutls/gtlscertificate-gnutls.c:288
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Kon PKCS#11-certificaat-URL niet importeren: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:330
#: tls/openssl/gtlscertificate-openssl.c:263
msgid "No certificate data provided"
msgstr "Geen certificaatgegevens opgegeven"
-#: tls/gnutls/gtlsconnection-gnutls.c:224
-#: tls/openssl/gtlsclientconnection-openssl.c:520
-#: tls/openssl/gtlsserverconnection-openssl.c:399
+#: tls/gnutls/gtlsconnection-gnutls.c:143
+#: tls/gnutls/gtlsconnection-gnutls.c:161
+#: tls/openssl/gtlsclientconnection-openssl.c:428
+#: tls/openssl/gtlsserverconnection-openssl.c:480
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Kon geen TLS-verbinding maken: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:353
-#: tls/gnutls/gtlsconnection-gnutls.c:364
-#: tls/gnutls/gtlsconnection-gnutls.c:388
-#: tls/openssl/gtlsconnection-openssl.c:151
+#: tls/gnutls/gtlsconnection-gnutls.c:372
+#: tls/gnutls/gtlsconnection-gnutls.c:383
+#: tls/gnutls/gtlsconnection-gnutls.c:397
+#: tls/openssl/gtlsconnection-openssl.c:156
#, c-format
msgid "Peer failed to perform TLS handshake: %s"
msgstr "Andere kant van de verbinding gaf geen TLS-handshake: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:375
-#: tls/openssl/gtlsconnection-openssl.c:260
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Andere kant van de verbinding verzocht een ongeldige TLS-rehandshake"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:396
+#: tls/gnutls/gtlsconnection-gnutls.c:405
msgid "TLS connection closed unexpectedly"
msgstr "TLS-verbinding onverwachts afgebroken"
-#: tls/gnutls/gtlsconnection-gnutls.c:411
-#: tls/openssl/gtlsconnection-openssl.c:176
+#: tls/gnutls/gtlsconnection-gnutls.c:420
+#: tls/openssl/gtlsconnection-openssl.c:181
msgid "TLS connection peer did not send a certificate"
msgstr "TLS-verbinding van andere kant stuurde geen certificaat"
-#: tls/gnutls/gtlsconnection-gnutls.c:427
+#: tls/gnutls/gtlsconnection-gnutls.c:436
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Andere kant van de verbinding stuurde fatale TLS-waarschuwing: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:446
msgid "Protocol version downgrade attack detected"
msgstr "Downgrade-aanval op de protocolversie gedetecteerd"
-#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:455
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "Bericht is te groot voor DTLS-verbinding; maximaal %u byte"
msgstr[1] "Bericht is te groot voor DTLS-verbinding, maximaal %u bytes"
-#: tls/gnutls/gtlsconnection-gnutls.c:455
+#: tls/gnutls/gtlsconnection-gnutls.c:464
msgid "The operation timed out"
msgstr "Time-out bij bewerking"
-#: tls/gnutls/gtlsconnection-gnutls.c:790
+#: tls/gnutls/gtlsconnection-gnutls.c:796
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Fout bij uitvoeren van TLS-handshake: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:893
-#: tls/openssl/gtlsconnection-openssl.c:269
-#: tls/openssl/gtlsconnection-openssl.c:319
+#: tls/gnutls/gtlsconnection-gnutls.c:899
+#: tls/openssl/gtlsconnection-openssl.c:427
+#: tls/openssl/gtlsconnection-openssl.c:641
msgid "Error performing TLS handshake"
msgstr "Fout bij uitvoeren van TLS-handshake"
-#: tls/gnutls/gtlsconnection-gnutls.c:939
-#: tls/gnutls/gtlsconnection-gnutls.c:999
-#: tls/openssl/gtlsconnection-openssl.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:957
+#, c-format
+msgid "Channel binding type tls-unique is not implemented in the TLS library"
+msgstr ""
+"Kanaalbindingstype tls-unique is niet ge??mplementeerd in de TLS-bibliotheek"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:961
+#, c-format
+msgid "Channel binding data for tls-unique is not yet available"
+msgstr "Kanaalbindingsgegevens voor tls-unique zijn nog niet beschikbaar"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:988
+#: tls/gnutls/gtlsconnection-gnutls.c:1000
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509-certificaat is niet beschikbaar op de verbinding"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1013
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509-certificaat is niet beschikbaar of van een onbekend formaat: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1024
+#: tls/openssl/gtlsconnection-openssl.c:520
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Kon certificaatondertekeningsalgoritme niet verkrijgen"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1040
+#: tls/openssl/gtlsconnection-openssl.c:540
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Huidig X.509-certificaat gebruikt een onbekend of niet-ondersteund "
+"ondertekeningsalgoritme"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1126
+#: tls/openssl/gtlsconnection-openssl.c:620
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Gevraagd kanaalbindingstype is niet ge??mplementeerd"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1147
+#: tls/gnutls/gtlsconnection-gnutls.c:1207
+#: tls/openssl/gtlsconnection-openssl.c:752
msgid "Error reading data from TLS socket"
msgstr "Fout bij het lezen van de TLS-socket"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:1021
-#: tls/gnutls/gtlsconnection-gnutls.c:1085
-#: tls/openssl/gtlsconnection-openssl.c:470
+#: tls/gnutls/gtlsconnection-gnutls.c:1229
+#: tls/gnutls/gtlsconnection-gnutls.c:1292
+#: tls/openssl/gtlsconnection-openssl.c:796
msgid "Error writing data to TLS socket"
msgstr "Fout bij het schrijven naar de TLS-socket"
-#: tls/gnutls/gtlsconnection-gnutls.c:1055
+#: tls/gnutls/gtlsconnection-gnutls.c:1262
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Bericht van grootte %lu byte is te groot voor DTLS-verbinding"
msgstr[1] "Bericht van grootte %lu bytes is te groot voor DTLS-verbinding"
-#: tls/gnutls/gtlsconnection-gnutls.c:1057
+#: tls/gnutls/gtlsconnection-gnutls.c:1264
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(maximaal %u byte)"
msgstr[1] "(maximaal %u bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:1104
+#: tls/gnutls/gtlsconnection-gnutls.c:1311
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Fout bij sluiten van TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:575
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
@@ -200,34 +250,85 @@
"Laden van vertrouwensopslag van systeem mislukt: GnuTLS is niet "
"geconfigureerd met een systeemvertrouwen"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558 tls/openssl/gtlsdatabase-openssl.c:187
+#: tls/gnutls/gtlsdatabase-gnutls.c:580 tls/openssl/gtlsdatabase-openssl.c:187
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Laden van vertrouwensopslag van systeem mislukt: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:90
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Vertrouwenslijst van %s invullen mislukt: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:170
+#: tls/openssl/gtlsserverconnection-openssl.c:226
msgid "Certificate has no private key"
msgstr "Certificaat heeft geen priv??sleutel"
-#: tls/openssl/gtlsclientconnection-openssl.c:410
-#: tls/openssl/gtlsclientconnection-openssl.c:467
-#: tls/openssl/gtlsserverconnection-openssl.c:288
-#: tls/openssl/gtlsserverconnection-openssl.c:339
+#: tls/openssl/gtlsclientconnection-openssl.c:308
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Kon TLS-cipherlijst niet verkrijgen: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:324
+#: tls/openssl/gtlsserverconnection-openssl.c:360
+#, c-format
+msgid "Could not set MAX protocol to %ld: %s"
+msgstr "Kon MAX-protocol niet instellen op %ld: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:377
+#: tls/openssl/gtlsserverconnection-openssl.c:413
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Kon geen TLS-context maken: %s"
-#: tls/openssl/gtlsconnection-openssl.c:192
+#: tls/openssl/gtlsconnection-openssl.c:197
#, c-format
msgid "Unacceptable TLS certificate authority"
msgstr "Onacceptabele TLS-certificaatautoriteit"
-#: tls/openssl/gtlsconnection-openssl.c:200
+#: tls/openssl/gtlsconnection-openssl.c:205
msgid "Digest too big for RSA key"
msgstr "Digest te groot voor RSA-sleutel"
-#: tls/openssl/gtlsconnection-openssl.c:507
+#: tls/openssl/gtlsconnection-openssl.c:213
+msgid "Secure renegotiation is disabled"
+msgstr "Veilige heronderhandeling is uitgeschakeld"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: de verbinding is verbroken"
+
+#: tls/openssl/gtlsconnection-openssl.c:489
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Kanaalbindingsgegevens van tls-unique zijn niet beschikbaar"
+
+#: tls/openssl/gtlsconnection-openssl.c:512
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509-certificaat is niet beschikbaar op de verbinding"
+
+#: tls/openssl/gtlsconnection-openssl.c:558
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Aanmaken van X.509-certificaatsdigest mislukt"
+
+#: tls/openssl/gtlsconnection-openssl.c:589
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS-verbinding biedt geen ondersteuning voor TLS-Exporter-functie"
+
+#: tls/openssl/gtlsconnection-openssl.c:592
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Onverwachte fout bij exporteren van sleutelgegevens"
+
+#: tls/openssl/gtlsconnection-openssl.c:833
msgid "Error performing TLS close"
msgstr "Fout bij sluiten van TLS"
@@ -235,20 +336,24 @@
msgid "Could not create CA store"
msgstr "Kon geen CA-opslag aanmaken"
-#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#: tls/openssl/gtlsserverconnection-openssl.c:177
+#: tls/openssl/gtlsserverconnection-openssl.c:245
#, c-format
-msgid "Failed to load file path: %s"
-msgstr "Laden van bestandspad mislukt: %s"
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Probleem met priv??sleutel van certificaat: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:101
+#: tls/openssl/gtlsserverconnection-openssl.c:186
+#: tls/openssl/gtlsserverconnection-openssl.c:237
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Probleem met certificaat: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:109
-#, c-format
-msgid "There is a problem with the certificate private key: %s"
-msgstr "Probleem met priv??sleutel van certificaat: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr ""
+#~ "Andere kant van de verbinding verzocht een ongeldige TLS-rehandshake"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Laden van bestandspad mislukt: %s"
#~ msgid "Operation would block"
#~ msgstr "Bewerking zou blokkeren"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/glib-networking-2.68.0/tls/gnutls/gtlsdatabase-gnutls.c
new/glib-networking-2.68.1/tls/gnutls/gtlsdatabase-gnutls.c
--- old/glib-networking-2.68.0/tls/gnutls/gtlsdatabase-gnutls.c 2021-03-19
20:39:26.504556200 +0100
+++ new/glib-networking-2.68.1/tls/gnutls/gtlsdatabase-gnutls.c 2021-04-22
20:43:22.262553200 +0200
@@ -43,7 +43,7 @@
*/
GMutex mutex;
- /* read-only after construct */
+ /* Read-only after construct, but still has to be protected by the mutex. */
gnutls_x509_trust_list_t trust_list;
/*
@@ -66,9 +66,6 @@
* string handles. This array is populated on demand.
*/
GHashTable *handles;
-
- /* Unowned. This is only set temporarily, during certificate verification. */
- GCancellable *verify_chain_cancellable;
} GTlsDatabaseGnutlsPrivate;
static void g_tls_database_gnutls_initable_interface_init (GInitableIface
*iface);
@@ -223,8 +220,6 @@
GTlsDatabaseGnutls *self = G_TLS_DATABASE_GNUTLS (object);
GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private
(self);
- g_assert (!priv->verify_chain_cancellable);
-
g_clear_pointer (&priv->subjects, g_hash_table_destroy);
g_clear_pointer (&priv->issuers, g_hash_table_destroy);
g_clear_pointer (&priv->complete, g_hash_table_destroy);
@@ -501,13 +496,12 @@
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return G_TLS_CERTIFICATE_GENERIC_ERROR;
- g_assert (!priv->verify_chain_cancellable);
- priv->verify_chain_cancellable = cancellable;
+ g_mutex_lock (&priv->mutex);
gnutls_chain = convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS
(chain));
gerr = gnutls_x509_trust_list_verify_crt (priv->trust_list,
gnutls_chain->chain,
gnutls_chain->length,
0, &gnutls_result, NULL);
- priv->verify_chain_cancellable = NULL;
+ g_mutex_unlock (&priv->mutex);
if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
{
@@ -583,131 +577,6 @@
return gerr >= 0;
}
-#if GNUTLS_VERSION_MAJOR > 3 || GNUTLS_VERSION_MAJOR == 3 &&
GNUTLS_VERSION_MINOR >= 7
-static int
-issuer_missing_cb (gnutls_x509_trust_list_t tlist,
- const gnutls_x509_crt_t crt,
- gnutls_x509_crt_t **issuers,
- guint *issuers_size)
-{
- GTlsDatabaseGnutls *self = gnutls_x509_trust_list_get_ptr (tlist);
- GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private
(self);
- gnutls_datum_t datum;
- GFile *file = NULL;
- GFileInputStream *istream = NULL;
- char *aia = NULL;
- char *scheme = NULL;
- int gerr;
- int ret = -1;
- guchar buffer[2048];
- gssize n_read;
- GByteArray *der = NULL;
- GError *error = NULL;
-
- /* The server sent an incomplete certificate chain, but we may be able to
- * download the missing certificate to allow verification to proceed. See
- * Authority Information Access, RFC 5280 ??4.2.2.1. Also see:
- *
https://blogs.gnome.org/mcatanzaro/2015/01/30/mozilla-is-responsible-for-the-redhat-corpmerchandise-com-fiasco/
- */
-
- for (int i = 0; ; i++)
- {
- gerr = gnutls_x509_crt_get_authority_info_access (crt, i,
GNUTLS_IA_CAISSUERS_URI, &datum, NULL);
- if (gerr == GNUTLS_E_UNKNOWN_ALGORITHM)
- continue;
-
- if (gerr == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return -1;
-
- if (gerr < 0)
- {
- g_warning ("Failed to read Authority Information Access from
certificate: %s", gnutls_strerror (gerr));
- return -1;
- }
-
- /* Success */
- break;
- }
- g_assert (gerr == GNUTLS_E_SUCCESS);
-
- aia = g_malloc0 (datum.size + 1);
- memcpy (aia, datum.data, datum.size);
-
- if (!g_uri_is_valid (aia, G_URI_FLAGS_NONE, &error))
- {
- g_warning ("Authority Information Access URI %s is not a valid URI: %s",
aia, error->message);
- goto out;
- }
-
- /* We support only HTTP. Notably, HTTPS is not supported because (a) it is
- * not specified by RFC 5280, and (b) since we have no way to break a
- * recursive loop if the connection to retrieve the certificate itself also
- * requires a missing certificate. We could easily support FTP, but we don't,
- * because that's silly. Also note that we don't support "certs-only" CMS
- * messages, we only support directly retrieving a DER certificate. Finally,
- * we don't support the case where accessLocation is a directoryName, so no
- * private DAP or LDAP.
- */
- scheme = g_uri_parse_scheme (aia);
- if (!scheme || strcmp (scheme, "http") != 0)
- {
- g_warning ("Authority Information Access URI %s uses unsupported URI
scheme '%s'", scheme, aia);
- goto out;
- }
-
- file = g_file_new_for_uri (aia);
- istream = g_file_read (file, priv->verify_chain_cancellable, &error);
- if (!istream)
- {
- g_warning ("Failed to download missing issuer certificate from Authority
Information Access URI %s: failed g_file_read (do you need to install gvfs?):
%s",
- aia, error->message);
- goto out;
- }
-
- der = g_byte_array_sized_new (sizeof (buffer));
- do
- {
- n_read = g_input_stream_read (G_INPUT_STREAM (istream), buffer, sizeof
(buffer),
- priv->verify_chain_cancellable, &error);
- if (n_read == -1)
- {
- g_warning ("Failed to download missing issuer certificate from
Authority Information Access URI %s: failed g_input_stream_read: %s",
- aia, error->message);
- goto out;
- }
- g_byte_array_append (der, buffer, n_read);
- } while (n_read > 0);
-
- gnutls_free (datum.data);
- datum.size = der->len;
- datum.data = (unsigned char *)g_byte_array_free (der, FALSE);
- der = NULL;
-
- gerr = gnutls_x509_crt_list_import2 (issuers, issuers_size, &datum,
GNUTLS_X509_FMT_DER, 0);
- if (gerr < 0)
- {
- g_warning ("Failed to download missing issuer certificate from Authority
Information Access URI %s: failed gnutls_x509_crt_import: %s",
- aia, gnutls_strerror (gerr));
- goto out;
- }
-
- ret = 0;
-
-out:
- if (error)
- g_error_free (error);
- if (file)
- g_object_unref (file);
- if (istream)
- g_object_unref (istream);
- if (der)
- g_byte_array_unref (der);
- gnutls_free (datum.data);
- g_free (aia);
- return ret;
-}
-#endif
-
static void
g_tls_database_gnutls_class_init (GTlsDatabaseGnutlsClass *klass)
{
@@ -743,10 +612,6 @@
return FALSE;
gnutls_x509_trust_list_init (&trust_list, 0);
-#if GNUTLS_VERSION_MAJOR > 3 || GNUTLS_VERSION_MAJOR == 3 &&
GNUTLS_VERSION_MINOR >= 7
- gnutls_x509_trust_list_set_getissuer_function (trust_list,
issuer_missing_cb);
- gnutls_x509_trust_list_set_ptr (trust_list, self);
-#endif
g_assert (G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->populate_trust_list);
if (!G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->populate_trust_list (self,
trust_list, error))
