pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-25 20:36:38 +02:00
Code Activity

core: set again TLS verification functions after GnuTLS options are changed (issue #1763)

Browse Source 
When changing the options weechat.network.gnutls_ca_system or
weechat.network.gnutls_ca_user, the GnuTLS credentials are freed then allocated
again, but the verification function used to check the certificate on
connection is not set again.

As a consequence, any TLS connection is made without checking the certificate.

This regression was introduced in version 3.2, when the options were changed to
automatically load system certificates without having to give the path, and to
let user give an extra custom path with certificates.
This commit is contained in:
Sébastien Helleu
2022-03-13 20:20:03 +01:00
parent 2e1d16b7e5
commit 710247891c
2 changed files with 30 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ChangeLog.adoc
+7
View File
@@ -15,6 +15,13 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
(file _ReleaseNotes.adoc_ in sources).
[[v3.4.1]]
== Version 3.4.1 (under dev)
Bug fixes::
* core: set again TLS verification functions after options weechat.network.gnutls_ca_system and weechat.network.gnutls_ca_user are changed (issue #1763)
[[v3.4]]
== Version 3.4 (2021-12-18)
src/core/wee-network.c
+23 -15
View File
@@ -91,6 +91,27 @@ network_init_gcrypt ()
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
}
/*
* Allocates credentials structure.
*/
void
network_allocate_credentials ()
{
gnutls_certificate_allocate_credentials (&gnutls_xcred);
#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a /* 2.9.10 */
gnutls_certificate_set_verify_function (gnutls_xcred,
&hook_connect_gnutls_verify_certificates);
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x02090a */
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_certificate_set_retrieve_function (gnutls_xcred,
&hook_connect_gnutls_set_certificates);
#else
gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
&hook_connect_gnutls_set_certificates);
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
}
/*
* Loads system's default trusted certificate authorities.
*
@@ -259,9 +280,7 @@ network_reload_ca_files (int force_display)
network_num_certs),
network_num_certs);
}
gnutls_certificate_allocate_credentials (&gnutls_xcred);
network_allocate_credentials ();
network_load_ca_files (force_display);
}
@@ -275,19 +294,8 @@ network_init_gnutls ()
if (!weechat_no_gnutls)
{
gnutls_global_init ();
gnutls_certificate_allocate_credentials (&gnutls_xcred);
network_allocate_credentials ();
network_load_ca_files (0);
#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a /* 2.9.10 */
gnutls_certificate_set_verify_function (gnutls_xcred,
&hook_connect_gnutls_verify_certificates);
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x02090a */
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_certificate_set_retrieve_function (gnutls_xcred,
&hook_connect_gnutls_set_certificates);
#else
gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
&hook_connect_gnutls_set_certificates);
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
}
network_init_gnutls_ok = 1;