PKG_CHECK_MODULES([TLS2], [gnutls >= 2.10.2],
[AC_DEFINE(USE_GNUTLS2, 1, [Use GnuTLS 2 or higher])],
[dummy="no"])
- PKG_CHECK_MODULES([TLSTICKET], [gnutls >= 2.10.2],
- [AC_DEFINE(USE_GNUTLS2_10, 1, [Use GnuTLS 2.10])],
- [dummy="no"])
- PKG_CHECK_MODULES([TLSSTRERROR], [gnutls >= 2.10.2],
- [AC_DEFINE(USE_GNUTLS2_6, 1, [Use GnuTLS 2.6])],
- [dummy="no"])
if test "x$_ecore_have_gnutls" = "xyes";then
AC_PATH_GENERIC([libgcrypt], [], [_ecore_have_gnutls="yes"], [_ecore_have_gnutls="no"])
if test "x${_ecore_have_gnutls}" = "xyes" ; then
static void
_gnutls_print_errors(int ret)
{
-#ifdef USE_GNUTLS2_6
if (ret)
ERR("gnutls returned with error: %s - %s", gnutls_strerror_name(ret), gnutls_strerror(ret));
-#endif
}
return "Client hello";
case GNUTLS_HANDSHAKE_SERVER_HELLO:
return "Server hello";
-#ifdef USE_GNUTLS2_10
case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
return "New session ticket";
-#endif
case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
return "Certificate packet";
case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
const gnutls_datum_t *cert_list;
unsigned int iter, cert_list_size;
gnutls_x509_crt_t cert = NULL;
-#ifdef USE_GNUTLS2_10
const char *priority = "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
-#else
- const char *priority = "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
-#endif
int ret = 0;
switch (svr->ssl_state)
}
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_init(&svr->session, GNUTLS_CLIENT));
-#ifdef USE_GNUTLS2_10
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_session_ticket_enable_client(svr->session));
-#endif
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_server_name_set(svr->session, GNUTLS_NAME_DNS, svr->name, strlen(svr->name)));
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_priority_set_direct(svr->session, priority, NULL));
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(svr->session, GNUTLS_CRD_CERTIFICATE, svr->cert));
svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
case ECORE_CON_SSL_STATE_HANDSHAKING:
ret = gnutls_handshake(svr->session);
-#ifdef USE_GNUTLS2_6
DBG("calling gnutls_handshake(): returned with '%s'", gnutls_strerror_name(ret));
-#endif
SSL_ERROR_CHECK_GOTO_ERROR(gnutls_error_is_fatal(ret));
if (!ret)
{
ERR("The certificate hasn't got a known issuer.");
else if (iter & GNUTLS_CERT_REVOKED)
ERR("The certificate has been revoked.");
-#ifdef USE_GNUTLS2_10
else if (iter & GNUTLS_CERT_EXPIRED)
ERR("The certificate has expired");
else if (iter & GNUTLS_CERT_NOT_ACTIVATED)
ERR("The certificate is not yet activated");
-#endif
if (iter)
goto error;
static Ecore_Con_Ssl_Error
_ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *cl)
{
-#ifdef USE_GNUTLS2_10
const char *priority = "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
-#else
- const char *priority = "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
-#endif
int ret = 0;
switch (cl->ssl_state)
projects / profile / ivi / ecore.git / commitdiff