From: hyunuktak Date: Thu, 17 Dec 2015 01:11:42 +0000 (+0900) Subject: Apply tpkp-gnutls X-Git-Tag: accepted/tizen/mobile/20151223.052439~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c920cd5d1d2fc6054d8a35a60ee40f323aa32cd6;p=platform%2Fupstream%2Fconnman.git Apply tpkp-gnutls Change-Id: I291b210c7f241492df945d565d9d44c7ad57054f Signed-off-by: hyunuktak --- diff --git a/Makefile.am b/Makefile.am index afe412c..7fda213 100755 --- a/Makefile.am +++ b/Makefile.am @@ -118,6 +118,7 @@ src_connmand_SOURCES = $(gdhcp_sources) $(gweb_sources) \ src_connmand_LDADD = gdbus/libgdbus-internal.la $(builtin_libadd) \ @GLIB_LIBS@ @DBUS_LIBS@ @XTABLES_LIBS@ @GNUTLS_LIBS@ \ + @TPKP_GNUTLS_LIBS@ \ -lresolv -ldl -lrt src_connmand_LDFLAGS = -Wl,--export-dynamic \ @@ -146,7 +147,7 @@ vpn_connman_vpnd_SOURCES = $(builtin_vpn_sources) \ vpn/vpn-config.c vpn_connman_vpnd_LDADD = gdbus/libgdbus-internal.la $(builtin_vpn_libadd) \ - @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ \ + @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ @TPKP_GNUTLS_LIBS@ \ -lresolv -ldl vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \ @@ -192,7 +193,7 @@ endif endif AM_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ @XTABLES_CFLAGS@ \ - @GNUTLS_CFLAGS@ $(builtin_cflags) \ + @GNUTLS_CFLAGS@ @TPKP_GNUTLS_CFLAGS@ $(builtin_cflags) \ -DCONNMAN_PLUGIN_BUILTIN \ -DSTATEDIR=\""$(statedir)"\" \ -DVPN_STATEDIR=\""$(vpn_statedir)"\" \ @@ -209,7 +210,7 @@ AM_CPPFLAGS = -I$(builddir)/include -I$(builddir)/src -I$(srcdir)/gdbus endif src_connmand_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ @XTABLES_CFLAGS@ \ - @GNUTLS_CFLAGS@ $(builtin_cflags) \ + @GNUTLS_CFLAGS@ @TPKP_GNUTLS_CFLAGS@ $(builtin_cflags) \ -DCONNMAN_PLUGIN_BUILTIN \ -DSTATEDIR=\""$(statedir)"\" \ -DPLUGINDIR=\""$(build_plugindir)"\" \ 
@@ -276,7 +277,7 @@ if WISPR noinst_PROGRAMS += tools/wispr tools_wispr_SOURCES = $(gweb_sources) tools/wispr.c -tools_wispr_LDADD = @GLIB_LIBS@ @GNUTLS_LIBS@ -lresolv +tools_wispr_LDADD = @GLIB_LIBS@ @GNUTLS_LIBS@ @TPKP_GNUTLS_LIBS@ -lresolv endif if TOOLS @@ -296,7 +297,7 @@ tools_supplicant_test_LDADD = gdbus/libgdbus-internal.la \ @GLIB_LIBS@ @DBUS_LIBS@ tools_web_test_SOURCES = $(gweb_sources) tools/web-test.c -tools_web_test_LDADD = @GLIB_LIBS@ @GNUTLS_LIBS@ -lresolv +tools_web_test_LDADD = @GLIB_LIBS@ @GNUTLS_LIBS@ @TPKP_GNUTLS_LIBS@ -lresolv tools_resolv_test_SOURCES = gweb/gresolv.h gweb/gresolv.c tools/resolv-test.c tools_resolv_test_LDADD = @GLIB_LIBS@ -lresolv diff --git a/configure.ac b/configure.ac index 35d8f98..ca70ac5 100755 --- a/configure.ac +++ b/configure.ac @@ -261,6 +261,11 @@ PKG_CHECK_MODULES(XTABLES, xtables >= 1.4.11, dummy=yes, AC_SUBST(XTABLES_CFLAGS) AC_SUBST(XTABLES_LIBS) +PKG_CHECK_MODULES(TPKP_GNUTLS, tpkp-gnutls, dummy=yes, + AC_MSG_ERROR(tpkp-gnutls library is required)) +AC_SUBST(TPKP_GNUTLS_CFLAGS) +AC_SUBST(TPKP_GNUTLS_LIBS) + AC_ARG_ENABLE(test, AC_HELP_STRING([--enable-test], [enable test/example scripts]), [enable_test=${enableval}]) AM_CONDITIONAL(TEST, test "${enable_test}" = "yes") diff --git a/gweb/giognutls.c b/gweb/giognutls.c index 09dc9e7..a790eca 100755 --- a/gweb/giognutls.c +++ b/gweb/giognutls.c @@ -29,6 +29,7 @@ #include #include +#include #include "giognutls.h" @@ -235,6 +236,8 @@ static void g_io_gnutls_free(GIOChannel *channel) gnutls_deinit(gnutls_channel->session); + tpkp_gnutls_cleanup(); + gnutls_certificate_free_credentials(gnutls_channel->cred); g_free(gnutls_channel); 
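Review bot: `tpkp_gnutls_cleanup()` in g_io_gnutls_free takes no channel or session argument, so the state it releases is presumably scoped to the calling thread rather than to this channel; the same holds for `tpkp_gnutls_set_url_data(session->host)` in the connect_session_transport hunk of gweb/gweb.c. If gweb ever has more than one TLS session in flight on the same main-loop thread, a later session could replace the stored host before an earlier handshake reaches `tpkp_gnutls_verify_callback`, and freeing one channel could discard the pin context of another that is still handshaking. Please confirm the scoping against the tpkp-gnutls documentation, then either serialise TLS connects or record the constraint with a comment such as `/* tpkp state is per-thread: only one TLS handshake may be in flight at a time */`. g_io_gnutls_free starts and ends outside the hunk.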
@@ -459,6 +462,12 @@ GIOChannel *g_io_channel_gnutls_new(int fd) "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT", NULL); #endif + gnutls_certificate_set_verify_function(gnutls_channel->cred, &tpkp_gnutls_verify_callback); + /* + * TODO: get ca-bundle path build-time configuration unless gnutls set it as a default + */ + gnutls_certificate_set_x509_trust_file(gnutls_channel->cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM); + gnutls_certificate_allocate_credentials(&gnutls_channel->cred); gnutls_credentials_set(gnutls_channel->session, GNUTLS_CRD_CERTIFICATE, gnutls_channel->cred); diff --git a/gweb/gweb.c b/gweb/gweb.c index ec37a48..99709ca 100755 --- a/gweb/gweb.c +++ b/gweb/gweb.c @@ -39,6 +39,8 @@ #include #include +#include + #include "giognutls.h" #include "gresolv.h" #include "gweb.h" @@ -1054,6 +1056,7 @@ static int connect_session_transport(struct web_session *session) if (session->flags & SESSION_FLAG_USE_TLS) { debug(session->web, "using TLS encryption"); + tpkp_gnutls_set_url_data(session->host); session->transport_channel = g_io_channel_gnutls_new(sk); } else { debug(session->web, "no encryption"); diff --git a/packaging/connman.spec b/packaging/connman.spec index a802c5a..4dabaed 100755 --- a/packaging/connman.spec +++ b/packaging/connman.spec @@ -12,6 +12,7 @@ BuildRequires: pkgconfig(libiptc) BuildRequires: pkgconfig(xtables) BuildRequires: pkgconfig(gnutls) BuildRequires: pkgconfig(libsmack) +BuildRequires: pkgconfig(tpkp-gnutls) BuildRequires: readline-devel #%systemd_requires Requires: iptables
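Review bot: The two added calls in g_io_channel_gnutls_new use `gnutls_channel->cred` before `gnutls_certificate_allocate_credentials(&gnutls_channel->cred);` runs on the line after them, so the verify callback and the trust file are applied to a credentials pointer that is not yet valid. The object that is then allocated and attached with `gnutls_credentials_set` has neither. As written the pinning callback is never registered for the session, and the early calls may dereference an uninitialised pointer; move the allocation above the two added calls. The return value of `gnutls_certificate_set_x509_trust_file` is also ignored; a negative result should fail channel setup, so that a missing `/etc/ssl/ca-bundle.pem` does not leave an empty trust list unnoticed. The function starts and ends outside the hunk, so the appropriate error path is not visible here.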
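Review bot: The result of `tpkp_gnutls_set_url_data(session->host);` in connect_session_transport is discarded, so a failure to register the host for pin lookup goes unnoticed and the code proceeds straight to `g_io_channel_gnutls_new(sk)`. If the call returns a status (to be confirmed against the tpkp-gnutls header), compare it with the library's success code and return an error before the channel is created, rather than relying on the verify callback to fail closed later. The function continues outside the hunk, so the existing error-return convention should be taken from the surrounding code.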