On Thu, 29 Apr 2004, Timo Sirainen wrote:
Looks like its read/write/handshake functions were changed (fixed?) to work very much like OpenSSL's, i.e. read/write can return that handshake renegotiation is needed, and read can fail because it needs to write and vice versa. The ssl-proxy-openssl.c code should just be copy&pasted to the gnutls version and the function calls changed.
Any volunteers? :)
Well here is an attempt. I asked around and gnutls10 is supposed to be
basically compatible with gnutls7, they've just changed some API names and
prototypes.
I haven't really been able to test this much but fwiw, it compiles cleanly
and doesn't make dovecot crash (at least so far :-)
--- dovecot-1.0.orig/src/login-common/ssl-proxy-gnutls.c
+++ dovecot-1.0/src/login-common/ssl-proxy-gnutls.c
@@ -276,7 +276,7 @@
return;
/* i/o interrupted */
- dir = gnutls_handshake_get_direction(proxy->session) == 0 ?
+ dir = gnutls_record_get_direction(proxy->session) == 0 ?
IO_READ : IO_WRITE;
if (proxy->io_ssl_dir != dir) {
if (proxy->io_ssl != NULL)
@@ -298,7 +298,7 @@
gnutls_compression_set_priority(session, comp_priority);
gnutls_kx_set_priority(session, kx_priority);
gnutls_mac_set_priority(session, mac_priority);
- gnutls_cert_type_set_priority(session, cert_type_priority);
+ gnutls_certificate_type_set_priority(session, cert_type_priority);
gnutls_cred_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
return session;
@@ -504,8 +504,8 @@
read_parameters(paramfile);
- if ((ret = gnutls_certificate_allocate_cred(&x509_cred)) < 0) {
- i_fatal("gnutls_certificate_allocate_cred() failed: %s",
+ if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
+ i_fatal("gnutls_certificate_allocate_credentials() failed: %s",
gnutls_strerror(ret));
}
@@ -516,12 +516,8 @@
certfile, keyfile, gnutls_strerror(ret));
}
- ret = gnutls_certificate_set_dh_params(x509_cred, dh_params);
- if (ret < 0)
- i_fatal("Can't set DH parameters: %s", gnutls_strerror(ret));
- ret = gnutls_certificate_set_rsa_params(x509_cred, rsa_params);
- if (ret < 0)
- i_fatal("Can't set RSA parameters: %s", gnutls_strerror(ret));
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+ gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);
ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
ssl_initialized = TRUE;
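Review bot: The added `gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);` installs temporary RSA parameters that are only consulted by the export-grade RSA key exchange, so porting it keeps a deliberately weak key exchange available if the server still offers one. The `kx_priority` list is outside this hunk; if it contains `GNUTLS_KX_RSA_EXPORT`, I would remove that entry and drop this call instead of renaming it, and if it does not, the call has no effect and can go as well. If it must stay for legacy clients, mark it in place, e.g. `/* export-grade RSA only: weak by design, kept for legacy clients */`. The two `i_fatal()` checks are dropped, presumably because both setters return void in the newer API; that is worth confirming against the gnutls headers being built against, and the enclosing init function starts and ends outside the hunk.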
@@ -541,7 +537,7 @@
hash_iterate_deinit(iter);
hash_destroy(ssl_proxies);
- gnutls_certificate_free_cred(x509_cred);
+ gnutls_certificate_free_credentials(x509_cred);
gnutls_global_deinit();
}
--
Jaldhar H. Vyas