Re: [Dovecot] Re: 1.0-test1 released

30 Apr 2004

On Thu, 29 Apr 2004, Timo Sirainen wrote:
...
Looks like it's read/write/handshake functions were changed (fixed?) to
work very much like OpenSSL's, ie. read/write can return that handshake
renegoatiation is needed, and read can fail because if needs to write
and vice versa. The ssl-proxy-openssl.c code should just be copy&pasted
to gnutls version and the function calls changed.
Any volunteers? :)
Well here is an attempt.  I asked around and gnutls10 is supposed to be
basically compatible with gnutls7, they've just changed some API names and
prototypes.

I haven't really been able to test this much but fwiw, it compiles cleanly
and doesn't make dovecot crash (at least so far :-)

--- dovecot-1.0.orig/src/login-common/ssl-proxy-gnutls.c
+++ dovecot-1.0/src/login-common/ssl-proxy-gnutls.c
@@ -276,7 +276,7 @@
 		return;

 	/* i/o interrupted */
-	dir = gnutls_handshake_get_direction(proxy->session) == 0 ?
+	dir = gnutls_record_get_direction(proxy->session) == 0 ?
 		IO_READ : IO_WRITE;
 	if (proxy->io_ssl_dir != dir) {
 		if (proxy->io_ssl != NULL)
@@ -298,7 +298,7 @@
 	gnutls_compression_set_priority(session, comp_priority);
 	gnutls_kx_set_priority(session, kx_priority);
 	gnutls_mac_set_priority(session, mac_priority);
-	gnutls_cert_type_set_priority(session, cert_type_priority);
+	gnutls_certificate_type_set_priority(session, cert_type_priority);

 	gnutls_cred_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 	return session;
@@ -504,8 +504,8 @@

 	read_parameters(paramfile);

-	if ((ret = gnutls_certificate_allocate_cred(&x509_cred)) < 0) {
-		i_fatal("gnutls_certificate_allocate_cred() failed: %s",
+	if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
+		i_fatal("gnutls_certificate_allocate_credentials() failed: %s",
 			gnutls_strerror(ret));
 	}

@@ -516,12 +516,8 @@
 			certfile, keyfile, gnutls_strerror(ret));
 	}

-        ret = gnutls_certificate_set_dh_params(x509_cred, dh_params);
-	if (ret < 0)
-		i_fatal("Can't set DH parameters: %s", gnutls_strerror(ret));
-	ret = gnutls_certificate_set_rsa_params(x509_cred, rsa_params);
-	if (ret < 0)
-		i_fatal("Can't set RSA parameters: %s", gnutls_strerror(ret));
+        gnutls_certificate_set_dh_params(x509_cred, dh_params);
+        gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);

         ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
 	ssl_initialized = TRUE;
@@ -541,7 +537,7 @@
 	hash_iterate_deinit(iter);
 	hash_destroy(ssl_proxies);

-	gnutls_certificate_free_cred(x509_cred);
+	gnutls_certificate_free_credentials(x509_cred);
 	gnutls_global_deinit();
 }



-- 
Jaldhar H. Vyas 
La Salle Debain - http://www.braincells.com/debian/

    