pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-12 14:14:48 +02:00
Code Activity

Bump required gnutls to v3.3.0

Browse Source 
Bump the requirement to v3.3.0 as available in Ubuntu 16.04 (3.4.10) and
Debian 10 (3.6.7). It was released around 10 years ago and any remotely
supported distribution has newer version.

As result, we can remove hundred+ lines of #ifdef spaghetti code.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
This commit is contained in:
Emil Velikov
2024-09-29 14:01:14 +01:00
committed by Sébastien Helleu
parent 19cb459685
commit de4231c842
8 changed files with 3 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CMakeLists.txt
+1 -1
View File
@@ -211,7 +211,7 @@ include_directories(${LIBGCRYPT_INCLUDE_DIRS})
list(APPEND EXTRA_LIBS ${LIBGCRYPT_LDFLAGS})
# Check for GnuTLS
pkg_check_modules(GNUTLS REQUIRED gnutls)
pkg_check_modules(GNUTLS REQUIRED gnutls>=3.3.0)
include_directories(${GNUTLS_INCLUDE_DIRS})
list(APPEND EXTRA_LIBS ${GNUTLS_LDFLAGS})
src/core/core-network.c
-47
View File
@@ -99,17 +99,10 @@ void
network_allocate_credentials ()
{
gnutls_certificate_allocate_credentials (&gnutls_xcred);
#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a /* 2.9.10 */
gnutls_certificate_set_verify_function (gnutls_xcred,
&hook_connect_gnutls_verify_certificates);
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x02090a */
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_certificate_set_retrieve_function (gnutls_xcred,
&hook_connect_gnutls_set_certificates);
#else
gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
&hook_connect_gnutls_set_certificates);
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
}
/*
@@ -1535,26 +1528,6 @@ network_connect_gnutls_handshake_fd_cb (const void *pointer, void *data,
{
fcntl (HOOK_CONNECT(hook_connect, sock), F_SETFL,
HOOK_CONNECT(hook_connect, handshake_fd_flags));
#if LIBGNUTLS_VERSION_NUMBER < 0x02090a /* 2.9.10 */
/*
* gnutls only has the gnutls_certificate_set_verify_function()
* function since version 2.9.10. We need to call our verify
* function manually after the handshake for old gnutls versions
*/
if (hook_connect_gnutls_verify_certificates (*HOOK_CONNECT(hook_connect, gnutls_sess)) != 0)
{
unhook (HOOK_CONNECT(hook_connect, handshake_hook_fd));
(void) (HOOK_CONNECT(hook_connect, callback))
(hook_connect->callback_pointer,
hook_connect->callback_data,
WEECHAT_HOOK_CONNECT_GNUTLS_HANDSHAKE_ERROR, rc,
HOOK_CONNECT(hook_connect, sock),
"Error in the certificate.",
HOOK_CONNECT(hook_connect, handshake_ip_address));
unhook (hook_connect);
return WEECHAT_RC_OK;
}
#endif /* LIBGNUTLS_VERSION_NUMBER < 0x02090a */
unhook (HOOK_CONNECT(hook_connect, handshake_hook_fd));
(void) (HOOK_CONNECT(hook_connect, callback))
(hook_connect->callback_pointer,
@@ -1769,26 +1742,6 @@ network_connect_child_read_cb (const void *pointer, void *data, int fd)
}
fcntl (HOOK_CONNECT(hook_connect, sock), F_SETFL,
HOOK_CONNECT(hook_connect, handshake_fd_flags));
#if LIBGNUTLS_VERSION_NUMBER < 0x02090a /* 2.9.10 */
/*
* gnutls only has the gnutls_certificate_set_verify_function()
* function since version 2.9.10. We need to call our verify
* function manually after the handshake for old gnutls versions
*/
if (hook_connect_gnutls_verify_certificates (*HOOK_CONNECT(hook_connect, gnutls_sess)) != 0)
{
(void) (HOOK_CONNECT(hook_connect, callback))
(hook_connect->callback_pointer,
hook_connect->callback_data,
WEECHAT_HOOK_CONNECT_GNUTLS_HANDSHAKE_ERROR,
rc, sock,
"Error in the certificate.",
cb_ip_address);
unhook (hook_connect);
free (cb_ip_address);
return WEECHAT_RC_OK;
}
#endif /* LIBGNUTLS_VERSION_NUMBER < 0x02090a */
}
}
else
src/core/hook/hook-connect.c
-4
View File
@@ -178,11 +178,7 @@ hook_connect_gnutls_set_certificates (gnutls_session_t tls_session,
const gnutls_datum_t *req_ca, int nreq,
const gnutls_pk_algorithm_t *pk_algos,
int pk_algos_len,
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_retr2_st *answer)
#else
gnutls_retr_st *answer)
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
{
struct t_hook *ptr_hook;
int rc;
src/core/hook/hook-connect.h
-8
View File
@@ -41,11 +41,7 @@ typedef int (gnutls_callback_t)(const void *pointer, void *data,
const gnutls_datum_t *req_ca, int nreq,
const gnutls_pk_algorithm_t *pk_algos,
int pk_algos_len,
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_retr2_st *answer,
#else
gnutls_retr_st *answer,
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
int action);
struct t_hook_connect
@@ -94,11 +90,7 @@ extern int hook_connect_gnutls_set_certificates (gnutls_session_t tls_session,
const gnutls_datum_t *req_ca, int nreq,
const gnutls_pk_algorithm_t *pk_algos,
int pk_algos_len,
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_retr2_st *answer);
#else
gnutls_retr_st *answer);
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
extern void hook_connect_free_data (struct t_hook *hook);
extern int hook_connect_add_to_infolist (struct t_infolist_item *item,
struct t_hook *hook);
src/plugins/irc/irc-sasl.c
+2 -26
View File
@@ -27,9 +27,7 @@
#include <gcrypt.h>
#include <gnutls/gnutls.h>
#if LIBGNUTLS_VERSION_NUMBER >= 0x020a01 /* 2.10.1 */
#include <gnutls/abstract.h>
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020a01 */
#include "../weechat-plugin.h"
#include "irc.h"
@@ -507,18 +505,15 @@ irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *server,
const char *sasl_key,
char **sasl_error)
{
#if LIBGNUTLS_VERSION_NUMBER >= 0x030015 /* 3.0.21 */
char *answer_base64, *string, *data, str_error[4096];
int length_data, length_username, length, ret;
char *str_privkey;
gnutls_x509_privkey_t x509_privkey;
gnutls_privkey_t privkey;
gnutls_datum_t filedatum, decoded_data, signature;
#if LIBGNUTLS_VERSION_NUMBER >= 0x030300 /* 3.3.0 */
gnutls_ecc_curve_t curve;
gnutls_datum_t x, y, k;
char *pubkey, *pubkey_base64;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x030300 */
answer_base64 = NULL;
string = NULL;
@@ -577,7 +572,6 @@ irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *server,
return NULL;
}
#if LIBGNUTLS_VERSION_NUMBER >= 0x030300 /* 3.3.0 */
/* read raw values in key, to display public key */
ret = gnutls_x509_privkey_export_ecc_raw (x509_privkey,
&curve, &x, &y, &k);
@@ -610,10 +604,9 @@ irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *server,
gnutls_free (y.data);
gnutls_free (k.data);
}
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x030300 */
/* import private key in an abstract key structure */
ret = gnutls_privkey_import_x509 (privkey, x509_privkey, 0); /* gnutls >= 2.11.0 */
ret = gnutls_privkey_import_x509 (privkey, x509_privkey, 0);
if (ret != GNUTLS_E_SUCCESS)
{
if (sasl_error)
@@ -632,7 +625,7 @@ irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *server,
decoded_data.data = (unsigned char *)data;
decoded_data.size = length_data;
ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA256, 0, /* gnutls >= 2.11.0 */
ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA256, 0,
&decoded_data, &signature);
if (ret != GNUTLS_E_SUCCESS)
{
@@ -680,21 +673,4 @@ irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *server,
free (string);
return answer_base64;
#else /* GnuTLS < 3.0.21 */
/* make C compiler happy */
(void) data_base64;
(void) sasl_username;
(void) sasl_key;
if (sasl_error)
{
*sasl_error = strdup (
_("%sgnutls: version >= 3.0.21 is required for SASL "
"\"ecdsa-nist256p-challenge\""));
}
return NULL;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x030015 */
}
src/plugins/irc/irc-server.c
-42
View File
@@ -5052,19 +5052,11 @@ irc_server_gnutls_callback (const void *pointer, void *data,
const gnutls_datum_t *req_ca, int nreq,
const gnutls_pk_algorithm_t *pk_algos,
int pk_algos_len,
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_retr2_st *answer,
#else
gnutls_retr_st *answer,
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
int action)
{
struct t_irc_server *server;
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_retr2_st tls_struct;
#else
gnutls_retr_st tls_struct;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
gnutls_x509_crt_t cert_temp;
const gnutls_datum_t *cert_list;
gnutls_datum_t filedatum;
@@ -5075,10 +5067,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
const char *ptr_cert_path, *ptr_fingerprint;
int rc, ret, fingerprint_match, hostname_match, cert_temp_init;
struct t_hashtable *options;
#if LIBGNUTLS_VERSION_NUMBER >= 0x010706 /* 1.7.6 */
gnutls_datum_t cinfo;
int rinfo;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010706 */
/* make C compiler happy */
(void) data;
@@ -5170,15 +5160,9 @@ irc_server_gnutls_callback (const void *pointer, void *data,
hostname_match = 1;
}
}
#if LIBGNUTLS_VERSION_NUMBER >= 0x010706 /* 1.7.6 */
/* display infos about certificate */
#if LIBGNUTLS_VERSION_NUMBER < 0x020400 /* 2.4.0 */
rinfo = gnutls_x509_crt_print (cert_temp,
GNUTLS_X509_CRT_ONELINE, &cinfo);
#else
rinfo = gnutls_x509_crt_print (cert_temp,
GNUTLS_CRT_PRINT_ONELINE, &cinfo);
#endif /* LIBGNUTLS_VERSION_NUMBER < 0x020400 */
if (rinfo == 0)
{
weechat_printf (
@@ -5191,7 +5175,6 @@ irc_server_gnutls_callback (const void *pointer, void *data,
weechat_prefix ("network"), cinfo.data);
gnutls_free (cinfo.data);
}
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010706 */
/* check dates, only if fingerprint is not set */
if (!ptr_fingerprint || !ptr_fingerprint[0])
{
@@ -5347,23 +5330,11 @@ irc_server_gnutls_callback (const void *pointer, void *data,
/* key */
gnutls_x509_privkey_init (&server->tls_cert_key);
/*
* gnutls_x509_privkey_import2 has no "Since: ..." in GnuTLS manual but
* GnuTLS NEWS file lists it being added in 3.1.0:
* https://gitlab.com/gnutls/gnutls/blob/2b715b9564681acb3008a5574dcf25464de8b038/NEWS#L2552
*/
#if LIBGNUTLS_VERSION_NUMBER >= 0x030100 /* 3.1.0 */
ret = gnutls_x509_privkey_import2 (server->tls_cert_key,
&filedatum,
GNUTLS_X509_FMT_PEM,
tls_password,
0);
#else
ret = gnutls_x509_privkey_import (server->tls_cert_key,
&filedatum,
GNUTLS_X509_FMT_PEM);
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x0301000 */
if (ret < 0)
{
ret = gnutls_x509_privkey_import_pkcs8 (
@@ -5385,28 +5356,16 @@ irc_server_gnutls_callback (const void *pointer, void *data,
}
else
{
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
tls_struct.cert_type = GNUTLS_CRT_X509;
tls_struct.key_type = GNUTLS_PRIVKEY_X509;
#else
tls_struct.type = GNUTLS_CRT_X509;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
tls_struct.ncerts = 1;
tls_struct.deinit_all = 0;
tls_struct.cert.x509 = &server->tls_cert;
tls_struct.key.x509 = server->tls_cert_key;
#if LIBGNUTLS_VERSION_NUMBER >= 0x010706 /* 1.7.6 */
/* client certificate info */
#if LIBGNUTLS_VERSION_NUMBER < 0x020400 /* 2.4.0 */
rinfo = gnutls_x509_crt_print (server->tls_cert,
GNUTLS_X509_CRT_ONELINE,
&cinfo);
#else
rinfo = gnutls_x509_crt_print (server->tls_cert,
GNUTLS_CRT_PRINT_ONELINE,
&cinfo);
#endif /* LIBGNUTLS_VERSION_NUMBER < 0x020400 */
if (rinfo == 0)
{
weechat_printf (
@@ -5418,7 +5377,6 @@ irc_server_gnutls_callback (const void *pointer, void *data,
weechat_prefix ("network"), cinfo.data);
gnutls_free (cinfo.data);
}
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010706 */
memcpy (answer, &tls_struct, sizeof (tls_struct));
free (cert_str);
}
src/plugins/relay/api/remote/relay-remote-network.c
-13
View File
@@ -970,11 +970,7 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
const gnutls_datum_t *req_ca, int nreq,
const gnutls_pk_algorithm_t *pk_algos,
int pk_algos_len,
#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
gnutls_retr2_st *answer,
#else
gnutls_retr_st *answer,
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
int action)
{
struct t_relay_remote *remote;
@@ -983,10 +979,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
unsigned int i, cert_list_len, status;
time_t cert_time;
int rc, hostname_match, cert_temp_init;
#if LIBGNUTLS_VERSION_NUMBER >= 0x010706 /* 1.7.6 */
gnutls_datum_t cinfo;
int rinfo;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010706 */
/* make C compiler happy */
(void) data;
@@ -1061,15 +1055,9 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
hostname_match = 1;
}
}
#if LIBGNUTLS_VERSION_NUMBER >= 0x010706 /* 1.7.6 */
/* display infos about certificate */
#if LIBGNUTLS_VERSION_NUMBER < 0x020400 /* 2.4.0 */
rinfo = gnutls_x509_crt_print (cert_temp,
GNUTLS_X509_CRT_ONELINE, &cinfo);
#else
rinfo = gnutls_x509_crt_print (cert_temp,
GNUTLS_CRT_PRINT_ONELINE, &cinfo);
#endif /* LIBGNUTLS_VERSION_NUMBER < 0x020400 */
if (rinfo == 0)
{
weechat_printf (
@@ -1082,7 +1070,6 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
remote->name, cinfo.data);
gnutls_free (cinfo.data);
}
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010706 */
/* check expiration date */
cert_time = gnutls_x509_crt_get_expiration_time (cert_temp);
if (cert_time < time (NULL))
src/plugins/relay/relay-client.c
-5
View File
@@ -1447,13 +1447,8 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
if (relay_gnutls_dh_params)
{
gnutls_dh_params_init (relay_gnutls_dh_params);
#if LIBGNUTLS_VERSION_NUMBER >= 0x020c00 /* 2.12.0 */
bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH,
GNUTLS_SEC_PARAM_LOW);
#else
/* default for old gnutls */
bits = 1024;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020c00 */
gnutls_dh_params_generate2 (*relay_gnutls_dh_params, bits);
gnutls_certificate_set_dh_params (relay_gnutls_x509_cred,
*relay_gnutls_dh_params);