| From 98de912932732f1441300eb64ca3070ff1469fcf Mon Sep 17 00:00:00 2001 |
| From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz> |
| Date: Sun, 30 Dec 2012 21:11:06 +0100 |
| Subject: [PATCH] GnuTLS 3.0 removed gnutls_certificate_get_x509_cas() |
| |
| --- |
| libraries/libldap/tls_g.c | 23 +++++++++++++++++++++++ |
| 1 file changed, 23 insertions(+) |
| |
| diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c |
| index 40616f5..374514d 100644 |
| --- a/libraries/libldap/tls_g.c |
| +++ b/libraries/libldap/tls_g.c |
| @@ -60,6 +60,12 @@ |
| #undef HAVE_GCRYPT_RAND |
| #endif |
| |
| +#if LIBGNUTLS_VERSION_NUMBER >= 0x030000 |
| +#define HAVE_GNUTLS_CERTIFICATE_GET_ISSUER 1 |
| +#else |
| +#undef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER |
| +#endif |
| + |
| #ifndef HAVE_CIPHERSUITES |
| /* Versions prior to 2.2.0 didn't handle cipher suites, so we had to |
| * kludge them ourselves. |
| @@ -368,6 +374,22 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) |
| * then we have to build the cert chain. |
| */ |
| if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) { |
| +#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER |
| + gnutls_x509_crt_t issuer; |
| + unsigned int i; |
| + |
| + for ( i = 1; i<VERIFY_DEPTH; i++ ) { |
| + /* If no CA is known, we're done */ |
| + if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], |
| + &issuer, 0 ) ) |
| + break; |
| + certs[i] = issuer; |
| + max++; |
| + /* If this CA is self-signed, we're done */ |
| + if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] )) |
| + break; |
| + } |
| +#else |
| gnutls_x509_crt_t *cas; |
| unsigned int i, j, ncas; |
| |
| @@ -387,6 +409,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) |
| if ( j == ncas ) |
| break; |
| } |
| +#endif /* !defined HAVE_GNUTLS_CERTIFICATE_GET_ISSUER */ |
| } |
| rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key ); |
| if ( rc ) return -1; |
| -- |
| 1.8.0.2 |
| |