Commit eb95f3a9 authored by David Woodhouse's avatar David Woodhouse

Fix GnuTLS 2.12 build

Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 973eed1f
......@@ -357,6 +357,8 @@ if test "$with_gnutls" = "yes"; then
[AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1, [stupid])], [])
AC_CHECK_FUNC(gnutls_pk_to_sign,
[AC_DEFINE(HAVE_GNUTLS_PK_TO_SIGN, 1, [autoheader])], [])
AC_CHECK_FUNC(gnutls_pubkey_export2,
[AC_DEFINE(HAVE_GNUTLS_PUBKEY_EXPORT2, 1, [autoheader sucks donkey balls])], [])
if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
AC_CHECK_FUNC(gnutls_session_set_premaster,
[have_gnutls_dtls=yes], [have_gnutls_dtls=no])
......
......@@ -1657,7 +1657,7 @@ int get_cert_md5_fingerprint(struct openconnect_info *vpninfo,
static int set_peer_cert_hash(struct openconnect_info *vpninfo)
{
unsigned char sha1[SHA1_SIZE];
size_t shalen = SHA1_SIZE;
size_t shalen;
gnutls_pubkey_t pkey;
gnutls_datum_t d;
int i, err;
......@@ -1671,14 +1671,34 @@ static int set_peer_cert_hash(struct openconnect_info *vpninfo)
gnutls_pubkey_deinit(pkey);
return err;
}
#ifdef HAVE_GNUTLS_PUBKEY_EXPORT2
err = gnutls_pubkey_export2(pkey, GNUTLS_X509_FMT_DER, &d);
if (err) {
gnutls_pubkey_deinit(pkey);
return err;
}
#else
shalen = 0;
err = gnutls_pubkey_export(pkey, GNUTLS_X509_FMT_DER, NULL, &shalen);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
gnutls_pubkey_deinit(pkey);
return err;
}
d.size = shalen;
d.data = gnutls_malloc(d.size);
if (!d.data) {
gnutls_pubkey_deinit(pkey);
return -ENOMEM;
}
err = gnutls_pubkey_export(pkey, GNUTLS_X509_FMT_DER, d.data, &shalen);
if (err) {
gnutls_free(d.data);
gnutls_pubkey_deinit(pkey);
return err;
}
#endif
gnutls_pubkey_deinit(pkey);
shalen = SHA1_SIZE;
err = gnutls_fingerprint(GNUTLS_DIG_SHA1, &d, sha1, &shalen);
if (err) {
......
......@@ -198,8 +198,10 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
free(vpninfo->servercert);
free(vpninfo->ifname);
free(vpninfo->dtls_cipher);
#if defined(OPENCONNECT_GNUTLS)
#ifdef OPENCONNECT_GNUTLS
gnutls_free(vpninfo->cstp_cipher); /* In OpenSSL this is const */
#endif
#ifdef DTLS_GNUTLS
gnutls_free(vpninfo->gnutls_dtls_cipher);
#endif
free(vpninfo->dtls_addr);
......
......@@ -317,6 +317,7 @@ struct openconnect_info {
#elif defined(OPENCONNECT_GNUTLS)
gnutls_session_t https_sess;
gnutls_certificate_credentials_t https_cred;
char local_cert_md5[MD5_SIZE * 2 + 1]; /* For CSD */
struct pin_cache *pin_cache;
#ifdef HAVE_TROUSERS
TSS_HCONTEXT tpm_context;
......@@ -364,7 +365,6 @@ struct openconnect_info {
have fewer ifdefs and accessor macros for it. */
gnutls_session_t dtls_ssl;
char *gnutls_dtls_cipher; /* cached for openconnect_get_dtls_cipher() */
char local_cert_md5[MD5_SIZE * 2 + 1]; /* For CSD */
#endif
char *cstp_cipher;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment