On Thu, 29 Apr 2004, Timo Sirainen wrote:
Looks like its read/write/handshake functions were changed (fixed?) to work very much like OpenSSL's, i.e. read/write can return that handshake renegotiation is needed, and read can fail because it needs to write and vice versa. The ssl-proxy-openssl.c code should just be copy&pasted to the gnutls version and the function calls changed.
Any volunteers? :)
Well here is an attempt. I asked around and gnutls10 is supposed to be basically compatible with gnutls7, they've just changed some API names and prototypes. I haven't really been able to test this much but fwiw, it compiles cleanly and doesn't make dovecot crash (at least so far :-)
--- dovecot-1.0.orig/src/login-common/ssl-proxy-gnutls.c
+++ dovecot-1.0/src/login-common/ssl-proxy-gnutls.c
@@ -276,7 +276,7 @@
 return; /* i/o interrupted */
- dir = gnutls_handshake_get_direction(proxy->session) == 0 ?
+ dir = gnutls_record_get_direction(proxy->session) == 0 ?
 IO_READ : IO_WRITE; if (proxy->io_ssl_dir != dir) { if (proxy->io_ssl != NULL)
@@ -298,7 +298,7 @@
 gnutls_compression_set_priority(session, comp_priority); gnutls_kx_set_priority(session, kx_priority); gnutls_mac_set_priority(session, mac_priority);
- gnutls_cert_type_set_priority(session, cert_type_priority);
+ gnutls_certificate_type_set_priority(session, cert_type_priority);
 gnutls_cred_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); return session;
@@ -504,8 +504,8 @@
 read_parameters(paramfile);
- if ((ret = gnutls_certificate_allocate_cred(&x509_cred)) < 0) {
- i_fatal("gnutls_certificate_allocate_cred() failed: %s",
+ if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
+ i_fatal("gnutls_certificate_allocate_credentials() failed: %s",
 gnutls_strerror(ret)); }
@@ -516,12 +516,8 @@
 certfile, keyfile, gnutls_strerror(ret)); }
- ret = gnutls_certificate_set_dh_params(x509_cred, dh_params);
- if (ret < 0)
- i_fatal("Can't set DH parameters: %s", gnutls_strerror(ret));
- ret = gnutls_certificate_set_rsa_params(x509_cred, rsa_params);
- if (ret < 0)
- i_fatal("Can't set RSA parameters: %s", gnutls_strerror(ret));
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+ gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);
 ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL); ssl_initialized = TRUE;
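Review bot: In the `-516,12 +516,8` hunk the new call `gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params)` installs temporary RSA parameters that serve only export-grade key exchange, which is too weak to offer to clients. If `kx_priority` (defined outside this hunk) lists `GNUTLS_KX_RSA_EXPORT`, I would remove it there and drop this call rather than port it. The two `i_fatal()` checks also disappear, presumably because the setters no longer return a status in the newer API, so a comment such as `/* these setters no longer return a status; read_parameters() must reject bad parameters */` would record why nothing is checked here. The enclosing function starts and ends outside the hunk.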
@@ -541,7 +537,7 @@
 hash_iterate_deinit(iter); hash_destroy(ssl_proxies);
- gnutls_certificate_free_cred(x509_cred);
+ gnutls_certificate_free_credentials(x509_cred);
 gnutls_global_deinit(); }
-- Jaldhar H. Vyas <jaldhar@debian.org> La Salle Debain - http://www.braincells.com/debian/