Require at least GnuTLS 1.0.0. LIBSOUP_2_1_5
authorJoe Shaw <joe@ximian.com>
Wed, 21 Jan 2004 23:10:29 +0000 (23:10 +0000)
committerJoe Shaw <joeshaw@src.gnome.org>
Wed, 21 Jan 2004 23:10:29 +0000 (23:10 +0000)
2004-01-21  Joe Shaw  <joe@ximian.com>

* configure.in: Require at least GnuTLS 1.0.0.

* libsoup/soup-gnutls.c: Fix the use of deprecated GnuTLS
functions.
(verify_certificate): Use gnutls_x509_crt_import() and
gnutls_x509_crt_check_hostname() instead of
gnutls_x509_check_certificates_hostname().
(init_dh_params): Use gnutls_dh_params_generate2() instead of
gnutls_dh_params_generate() and gnutls_dh_params_set().

ChangeLog
configure.in
libsoup/soup-gnutls.c

index ea4d372..e28961a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2004-01-21  Joe Shaw  <joe@ximian.com>
+
+       * configure.in: Require at least GnuTLS 1.0.0.
+
+       * libsoup/soup-gnutls.c: Fix the use of deprecated GnuTLS
+       functions.
+       (verify_certificate): Use gnutls_x509_crt_import() and
+       gnutls_x509_crt_check_hostname() instead of
+       gnutls_x509_check_certificates_hostname().
+       (init_dh_params): Use gnutls_dh_params_generate2() instead of
+       gnutls_dh_params_generate() and gnutls_dh_params_set().
+
 2004-01-20  Joe Shaw  <joe@ximian.com>
 
        * libsoup/soup-gnutls.c (soup_gnutls_close): gnutls_bye() doesn't
index c5d6dc1..05be752 100644 (file)
@@ -194,7 +194,7 @@ AC_ARG_ENABLE(libgpg-error,
               enable_libgpg_error=yes, enable_libgpg_error=no)
 
 if test "$enable_ssl" != "no"; then
-       AM_PATH_LIBGNUTLS(0.9.7, have_ssl=yes, have_ssl=no)
+       AM_PATH_LIBGNUTLS(1.0.0, have_ssl=yes, have_ssl=no)
 
        if test "$have_ssl" != "yes"; then
                if test "$enable_ssl" == "auto"; then
index d3a291c..9327097 100644 (file)
@@ -77,16 +77,23 @@ verify_certificate (gnutls_session session, const char *hostname)
        if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509) {
                const gnutls_datum* cert_list;
                int cert_list_size;
+               gnutls_x509_crt cert;
       
                cert_list = gnutls_certificate_get_peers (
                        session, &cert_list_size);
+
                if (cert_list == NULL) {
                        g_warning ("No certificate was found.");
                        return FALSE;
                }
-               if (!gnutls_x509_check_certificates_hostname(
-                           &cert_list[0], hostname))
-               {
+
+               if (gnutls_x509_crt_import (cert, &cert_list[0],
+                                           GNUTLS_X509_FMT_DER) < 0) {
+                       g_warning ("The certificate could not be parsed.");
+                       return FALSE;
+               }
+
+               if (!gnutls_x509_crt_check_hostname (cert, hostname)) {
                        g_warning ("The certificate does not match hostname.");
                        return FALSE;
                }
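Review bot: `cert` reaches `gnutls_x509_crt_import()` uninitialized, because nothing between its declaration and the import call runs `gnutls_x509_crt_init (&cert)`. The import therefore works on an indeterminate handle, and the hostname check after it cannot be relied on. Neither `return FALSE` path shown here releases the handle, so once it is initialized each failed verification would leak it. Initialize the handle before the import and call `gnutls_x509_crt_deinit (cert)` on every exit from this block, as sketched below. verify_certificate continues past the end of the hunk, so the success-path release may belong further down than shown.

```c
		gnutls_x509_crt cert;

		/* … unchanged: gnutls_certificate_get_peers() call and NULL check … */

		if (gnutls_x509_crt_init (&cert) < 0) {
			g_warning ("The certificate structure could not be initialized.");
			return FALSE;
		}

		if (gnutls_x509_crt_import (cert, &cert_list[0],
					    GNUTLS_X509_FMT_DER) < 0) {
			g_warning ("The certificate could not be parsed.");
			gnutls_x509_crt_deinit (cert);
			return FALSE;
		}

		if (!gnutls_x509_crt_check_hostname (cert, hostname)) {
			g_warning ("The certificate does not match hostname.");
			gnutls_x509_crt_deinit (cert);
			return FALSE;
		}

		gnutls_x509_crt_deinit (cert);
```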
@@ -296,31 +303,20 @@ static gnutls_dh_params dh_params = NULL;
 static gboolean
 init_dh_params (void)
 {
-       gnutls_datum prime, generator;
-
        if (gnutls_dh_params_init (&dh_params) != 0)
                goto THROW_CREATE_ERROR;
 
-       if (gnutls_dh_params_generate (&prime, &generator, DH_BITS) != 0)
-               goto THROW_CREATE_ERROR;
-
-       if (gnutls_dh_params_set (dh_params, prime, generator, DH_BITS) != 0)
+       if (gnutls_dh_params_generate2 (dh_params, DH_BITS) != 0)
                goto THROW_CREATE_ERROR;
 
-       free (prime.data);
-       free (generator.data);
-
        return TRUE;
 
-    THROW_CREATE_ERROR:
+THROW_CREATE_ERROR:
        if (dh_params) {
                gnutls_dh_params_deinit (dh_params);
                dh_params = NULL;
        }
-       if (prime.data)
-               free (prime.data);
-       if (generator.data)
-               free (generator.data);
+
        return FALSE;
 }