Version 3.4.1

core: set again TLS verification functions after GnuTLS options are changed (issue #1763 )
When changing the options weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user, the GnuTLS credentials are freed then allocated again, but the verification function used to check the certificate on connection is not set again. As a consequence, any TLS connection is made without checking the certificate. This regression was introduced in version 3.2, when the options were changed to automatically load system certificates without having to give the path, and to let user give an extra custom path with certificates.
2026-06-12 14:14:48 +02:00 · 2022-03-13 21:01:13 +01:00 · 2022-03-13 20:20:03 +01:00 · 2022-03-13 20:19:39 +01:00
5 changed files with 41 additions and 19 deletions
@@ -15,6 +15,13 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
 (file _ReleaseNotes.adoc_ in sources).


+[[v3.4.1]]
+== Version 3.4.1 (2022-03-13)
+
+Bug fixes::
+
+  * core: set again TLS verification functions after options weechat.network.gnutls_ca_system and weechat.network.gnutls_ca_user are changed (issue #1763)
+
 [[v3.4]]
 == Version 3.4 (2021-12-18)

@@ -17,6 +17,11 @@ https://weechat.org/files/changelog/ChangeLog-devel.html[ChangeLog]
 (file _ChangeLog.adoc_ in sources).


+[[v3.4.1]]
+== Version 3.4.1 (2022-03-13)
+
+Bug fix and maintenance release.
+
 [[v3.4]]
 == Version 3.4 (2021-12-18)

@@ -91,6 +91,27 @@ network_init_gcrypt ()
    gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 }

+/*
+ * Allocates credentials structure.
+ */
+
+void
+network_allocate_credentials ()
+{
+    gnutls_certificate_allocate_credentials (&gnutls_xcred);
+#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a /* 2.9.10 */
+    gnutls_certificate_set_verify_function (gnutls_xcred,
+                                            &hook_connect_gnutls_verify_certificates);
+#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x02090a */
+#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
+    gnutls_certificate_set_retrieve_function (gnutls_xcred,
+                                              &hook_connect_gnutls_set_certificates);
+#else
+    gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
+                                                     &hook_connect_gnutls_set_certificates);
+#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
+}
+
 /*
 * Loads system's default trusted certificate authorities.
 *
@@ -259,9 +280,7 @@ network_reload_ca_files (int force_display)
                             network_num_certs),
                         network_num_certs);
    }
-
-    gnutls_certificate_allocate_credentials (&gnutls_xcred);
-
+    network_allocate_credentials ();
    network_load_ca_files (force_display);
 }

@@ -275,19 +294,8 @@ network_init_gnutls ()
    if (!weechat_no_gnutls)
    {
        gnutls_global_init ();
-        gnutls_certificate_allocate_credentials (&gnutls_xcred);
+        network_allocate_credentials ();
        network_load_ca_files (0);
-#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a /* 2.9.10 */
-        gnutls_certificate_set_verify_function (gnutls_xcred,
-                                                &hook_connect_gnutls_verify_certificates);
-#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x02090a */
-#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
-        gnutls_certificate_set_retrieve_function (gnutls_xcred,
-                                                  &hook_connect_gnutls_set_certificates);
-#else
-        gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
-                                                         &hook_connect_gnutls_set_certificates);
-#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
    }

    network_init_gnutls_ok = 1;
@@ -32,9 +32,9 @@
 #     devel-patch  the patch version of devel (e.g. 2 for version 1.4.2)
 #

-WEECHAT_STABLE=3.4
-WEECHAT_DEVEL=3.4
-WEECHAT_DEVEL_FULL=3.4
+WEECHAT_STABLE=3.4.1
+WEECHAT_DEVEL=3.4.1
+WEECHAT_DEVEL_FULL=3.4.1

 if [ $# -lt 1 ]; then
    echo >&2 "Syntax: $0 stable|devel|devel-full|devel-major|devel-minor|devel-patch"
@@ -23,7 +23,7 @@
 #

 %define name weechat
-%define version 3.4
+%define version 3.4.1
 %define release 1

 Name:      %{name}
@@ -82,6 +82,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_prefix}/share/icons/hicolor/512x512/apps/weechat.png

 %changelog
+* Sun Mar 13 2022 Sébastien Helleu <flashcode@flashtux.org> 3.4.1-1
+- Released version 3.4.1
 * Sat Dec 18 2021 Sébastien Helleu <flashcode@flashtux.org> 3.4-1
 - Released version 3.4
 * Sun Sep 19 2021 Sébastien Helleu <flashcode@flashtux.org> 3.3-1