Commit f2361e6d authored by Werner Koch's avatar Werner Koch

First changes for future use of NTBTLS.

* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New.  Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--

This is only the configure stuff.  If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
parent 6bc0cd62
...@@ -226,8 +226,9 @@ t_zb32_LDADD = $(t_common_ldadd) ...@@ -226,8 +226,9 @@ t_zb32_LDADD = $(t_common_ldadd)
# http tests # http tests
t_http_SOURCES = t-http.c t_http_SOURCES = t-http.c
t_http_CFLAGS = $(t_common_cflags) $(LIBGNUTLS_CFLAGS) t_http_CFLAGS = $(t_common_cflags) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS)
t_http_LDADD = libcommontls.a $(t_common_ldadd) $(LIBGNUTLS_LIBS) $(DNSLIBS) t_http_LDADD = libcommontls.a $(t_common_ldadd) \
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
# All programs should depend on the created libs. # All programs should depend on the created libs.
$(PROGRAMS) : libcommon.a libcommonpth.a libcommontls.a libcommontlsnpth.a $(PROGRAMS) : libcommon.a libcommonpth.a libcommontls.a libcommontlsnpth.a
...@@ -39,7 +39,7 @@ ...@@ -39,7 +39,7 @@
- fixme: list other requirements. - fixme: list other requirements.
- With HTTP_USE_GNUTLS or HTTP_USE_POLARSSL support for https is - With HTTP_USE_NTBTLS or HTTP_USE_GNUTLS support for https is
provided (this also requires estream). provided (this also requires estream).
- With HTTP_NO_WSASTARTUP the socket initialization is not done - With HTTP_NO_WSASTARTUP the socket initialization is not done
...@@ -82,17 +82,16 @@ ...@@ -82,17 +82,16 @@
# include <npth.h> # include <npth.h>
#endif #endif
#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_POLARSSL) #if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_NTBTLS)
# error Both, HTTP_USE_GNUTLS and HTTP_USE_POLARSSL, are defined. # error Both, HTTP_USE_GNUTLS and HTTP_USE_NTBTLS, are defined.
#endif #endif
#ifdef HTTP_USE_GNUTLS #ifdef HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h> # include <gnutls/gnutls.h>
# include <gnutls/x509.h> # include <gnutls/x509.h>
#endif /*HTTP_USE_GNUTLS*/ #endif /*HTTP_USE_GNUTLS*/
#ifdef HTTP_USE_POLARSSL
# error Support for PolarSSL has not yet been added
#endif
#include "util.h" #include "util.h"
...@@ -156,8 +155,15 @@ typedef unsigned long longcounter_t; ...@@ -156,8 +155,15 @@ typedef unsigned long longcounter_t;
# define counter_strtoul(a) strtoul ((a), NULL, 10) # define counter_strtoul(a) strtoul ((a), NULL, 10)
#endif #endif
#ifndef HTTP_USE_GNUTLS #if HTTP_USE_NTBTLS
typedef void * gnutls_session_t; typedef ntbtls_t tls_session_t;
# define USE_TLS 1
#elif HTTP_USE_GNUTLS
typedef gnutls_session_t tls_session_t;
# define USE_TLS 1
#else
typedef void *tls_session_t;
# undef USE_TLS
#endif #endif
static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part, static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
...@@ -226,14 +232,16 @@ struct http_session_s ...@@ -226,14 +232,16 @@ struct http_session_s
int refcount; /* Number of references to this object. */ int refcount; /* Number of references to this object. */
#ifdef HTTP_USE_GNUTLS #ifdef HTTP_USE_GNUTLS
gnutls_certificate_credentials_t certcred; gnutls_certificate_credentials_t certcred;
gnutls_session_t tls_session; #endif /*HTTP_USE_GNUTLS*/
#ifdef USE_TLS
tls_session_t tls_session;
struct { struct {
int done; /* Verifciation has been done. */ int done; /* Verifciation has been done. */
int rc; /* GnuTLS verification return code. */ int rc; /* TLS verification return code. */
unsigned int status; /* Verification status. */ unsigned int status; /* Verification status. */
} verify; } verify;
char *servername; /* Malloced server name. */ char *servername; /* Malloced server name. */
#endif /*HTTP_USE_GNUTLS*/ #endif /*USE_TLS*/
/* A callback function to log details of TLS certifciates. */ /* A callback function to log details of TLS certifciates. */
void (*cert_log_cb) (http_session_t, gpg_error_t, const char *, void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
const void **, size_t *); const void **, size_t *);
...@@ -522,7 +530,8 @@ session_unref (int lnr, http_session_t sess) ...@@ -522,7 +530,8 @@ session_unref (int lnr, http_session_t sess)
if (sess->refcount) if (sess->refcount)
return; return;
#ifdef HTTP_USE_GNUTLS #ifdef USE_TLS
# ifdef HTTP_USE_GNUTLS
if (sess->tls_session) if (sess->tls_session)
{ {
my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session); my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session);
...@@ -531,8 +540,9 @@ session_unref (int lnr, http_session_t sess) ...@@ -531,8 +540,9 @@ session_unref (int lnr, http_session_t sess)
} }
if (sess->certcred) if (sess->certcred)
gnutls_certificate_free_credentials (sess->certcred); gnutls_certificate_free_credentials (sess->certcred);
# endif /*HTTP_USE_GNUTLS*/
xfree (sess->servername); xfree (sess->servername);
#endif /*HTTP_USE_GNUTLS*/ #endif /*USE_TLS*/
xfree (sess); xfree (sess);
} }
...@@ -560,7 +570,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority) ...@@ -560,7 +570,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority)
return gpg_error_from_syserror (); return gpg_error_from_syserror ();
sess->refcount = 1; sess->refcount = 1;
#ifdef HTTP_USE_GNUTLS #if HTTP_USE_NTBTLS
{
(void)tls_priority;
err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
if (err)
{
log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
goto leave;
}
}
#elif HTTP_USE_GNUTLS
{ {
const char *errpos; const char *errpos;
int rc; int rc;
...@@ -616,17 +637,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority) ...@@ -616,17 +637,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority)
goto leave; goto leave;
} }
} }
#else /*!HTTP_USE_GNUTLS*/ #else /*!HTTP_USE_GNUTLS*/
(void)tls_priority; {
(void)tls_priority;
}
#endif /*!HTTP_USE_GNUTLS*/ #endif /*!HTTP_USE_GNUTLS*/
/* log_debug ("http.c:session_new: sess %p created\n", sess); */ /* log_debug ("http.c:session_new: sess %p created\n", sess); */
err = 0; err = 0;
#ifdef HTTP_USE_GNUTLS #if USE_TLS
leave: leave:
#endif /*HTTP_USE_GNUTLS*/ #endif /*USE_TLS*/
if (err) if (err)
http_session_unref (sess); http_session_unref (sess);
else else
...@@ -1067,7 +1089,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, ...@@ -1067,7 +1089,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
uri->port = 11371; uri->port = 11371;
uri->is_http = 1; uri->is_http = 1;
} }
#ifdef HTTP_USE_GNUTLS #ifdef USE_TLS
else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps") else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
|| (force_tls && (!strcmp (uri->scheme, "http") || (force_tls && (!strcmp (uri->scheme, "http")
|| !strcmp (uri->scheme,"hkp")))) || !strcmp (uri->scheme,"hkp"))))
...@@ -1076,7 +1098,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, ...@@ -1076,7 +1098,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
uri->is_http = 1; uri->is_http = 1;
uri->use_tls = 1; uri->use_tls = 1;
} }
#endif #endif /*USE_TLS*/
else if (!no_scheme_check) else if (!no_scheme_check)
return GPG_ERR_INV_URI; /* Unsupported scheme */ return GPG_ERR_INV_URI; /* Unsupported scheme */
...@@ -1393,22 +1415,24 @@ send_request (http_t hd, const char *httphost, const char *auth, ...@@ -1393,22 +1415,24 @@ send_request (http_t hd, const char *httphost, const char *auth,
log_error ("TLS requested but no session object provided\n"); log_error ("TLS requested but no session object provided\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL); return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
} }
#ifdef HTTP_USE_GNUTLS #ifdef USE_TLS
if (hd->uri->use_tls && !hd->session->tls_session) if (hd->uri->use_tls && !hd->session->tls_session)
{ {
log_error ("TLS requested but no GNUTLS context available\n"); log_error ("TLS requested but no GNUTLS context available\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL); return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
} }
#endif /*HTTP_USE_GNUTLS*/ #endif /*USE_TLS*/
server = *hd->uri->host ? hd->uri->host : "localhost"; server = *hd->uri->host ? hd->uri->host : "localhost";
port = hd->uri->port ? hd->uri->port : 80; port = hd->uri->port ? hd->uri->port : 80;
/* Try to use SNI. */ /* Try to use SNI. */
#ifdef HTTP_USE_GNUTLS #ifdef USE_TLS
if (hd->uri->use_tls) if (hd->uri->use_tls)
{ {
# if HTTP_USE_GNUTLS
int rc; int rc;
# endif
xfree (hd->session->servername); xfree (hd->session->servername);
hd->session->servername = xtrystrdup (httphost? httphost : server); hd->session->servername = xtrystrdup (httphost? httphost : server);
...@@ -1418,13 +1442,22 @@ send_request (http_t hd, const char *httphost, const char *auth, ...@@ -1418,13 +1442,22 @@ send_request (http_t hd, const char *httphost, const char *auth,
return err; return err;
} }
# if HTTP_USE_NTBTLS
err = ntbtls_set_hostname (hd->session->tls_session, server);
if (err)
{
log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
return err;
}
# elif HTTP_USE_GNUTLS
rc = gnutls_server_name_set (hd->session->tls_session, rc = gnutls_server_name_set (hd->session->tls_session,
GNUTLS_NAME_DNS, GNUTLS_NAME_DNS,
server, strlen (server)); server, strlen (server));
if (rc < 0) if (rc < 0)
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc)); log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
# endif /*HTTP_USE_GNUTLS*/
} }
#endif /*HTTP_USE_GNUTLS*/ #endif /*USE_TLS*/
if ( (proxy && *proxy) if ( (proxy && *proxy)
|| ( (hd->flags & HTTP_FLAG_TRY_PROXY) || ( (hd->flags & HTTP_FLAG_TRY_PROXY)
...@@ -1490,7 +1523,37 @@ send_request (http_t hd, const char *httphost, const char *auth, ...@@ -1490,7 +1523,37 @@ send_request (http_t hd, const char *httphost, const char *auth,
#ifdef HTTP_USE_GNUTLS #if HTTP_USE_NTBTLS
if (hd->uri->use_tls)
{
my_socket_ref (hd->sock);
while ((err = ntbtls_handshake (hd->session->tls_session)))
{
switch (err)
{
default:
log_info ("TLS handshake failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
}
hd->session->verify.done = 0;
if (tls_callback)
err = tls_callback (hd, hd->session, 0);
else
err = http_verify_server_credentials (hd->session);
if (err)
{
log_info ("TLS connection authentication failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
}
#elif HTTP_USE_GNUTLS
if (hd->uri->use_tls) if (hd->uri->use_tls)
{ {
int rc; int rc;
...@@ -2423,7 +2486,7 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size) ...@@ -2423,7 +2486,7 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size)
static void static void
send_gnutls_bye (void *opaque) send_gnutls_bye (void *opaque)
{ {
gnutls_session_t tls_session = opaque; tls_session_t tls_session = opaque;
int ret; int ret;
again: again:
...@@ -2473,7 +2536,10 @@ cookie_close (void *cookie) ...@@ -2473,7 +2536,10 @@ cookie_close (void *cookie)
gpg_error_t gpg_error_t
http_verify_server_credentials (http_session_t sess) http_verify_server_credentials (http_session_t sess)
{ {
#ifdef HTTP_USE_GNUTLS #if HTTP_USE_NTBTLS
(void)sess;
return 0; /* FIXME!! */
#elif HTTP_USE_GNUTLS
static const char const errprefix[] = "TLS verification of peer failed"; static const char const errprefix[] = "TLS verification of peer failed";
int rc; int rc;
unsigned int status; unsigned int status;
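Review bot: `http_verify_server_credentials` in the NTBTLS build returns 0 unconditionally (`(void)sess; return 0; /* FIXME!! */`), and the new handshake block in `send_request` calls it right after `ntbtls_handshake`, so an NTBTLS build completes hkps/https connections with no peer authentication at all rather than the "no https support" the commit message describes. Until verification is implemented this branch should fail closed, e.g. `return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);`, matching the error style already used in `send_request`. In that same handshake block `my_socket_ref (hd->sock)` takes a socket reference, but the release in `session_unref` (via `gnutls_transport_get_ptr`) now sits under `# ifdef HTTP_USE_GNUTLS` only, so the NTBTLS path appears to leak the reference, and no call attaching the socket to the NTBTLS session is visible in this hunk. The message `"TLS requested but no GNUTLS context available\n"` is now emitted under `USE_TLS` for both stacks and should read `"TLS requested but no TLS context available\n"`. `send_request`, `session_unref` and `http_verify_server_credentials` all begin or end outside the shown hunks.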
...@@ -42,7 +42,9 @@ ...@@ -42,7 +42,9 @@
#include "http.h" #include "http.h"
#ifdef HTTP_USE_GNUTLS #if HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h> /* For init, logging, and deinit. */ # include <gnutls/gnutls.h> /* For init, logging, and deinit. */
#endif /*HTTP_USE_GNUTLS*/ #endif /*HTTP_USE_GNUTLS*/
...@@ -97,6 +99,7 @@ static int no_verify; ...@@ -97,6 +99,7 @@ static int no_verify;
#if HTTP_USE_GNUTLS
static gpg_error_t static gpg_error_t
verify_callback (http_t hd, http_session_t session, int reserved) verify_callback (http_t hd, http_session_t session, int reserved)
{ {
...@@ -104,14 +107,15 @@ verify_callback (http_t hd, http_session_t session, int reserved) ...@@ -104,14 +107,15 @@ verify_callback (http_t hd, http_session_t session, int reserved)
(void)reserved; (void)reserved;
return no_verify? 0 : http_verify_server_credentials (session); return no_verify? 0 : http_verify_server_credentials (session);
} }
#endif
#if HTTP_USE_GNUTLS
static void static void
my_gnutls_log (int level, const char *text) my_gnutls_log (int level, const char *text)
{ {
fprintf (stderr, "gnutls:L%d: %s", level, text); fprintf (stderr, "gnutls:L%d: %s", level, text);
} }
#endif
/* Prepend FNAME with the srcdir environment variable's value and /* Prepend FNAME with the srcdir environment variable's value and
return an allocated filename. */ return an allocated filename. */
...@@ -233,7 +237,14 @@ main (int argc, char **argv) ...@@ -233,7 +237,14 @@ main (int argc, char **argv)
if (!cafile) if (!cafile)
cafile = prepend_srcdir ("tls-ca.pem"); cafile = prepend_srcdir ("tls-ca.pem");
#ifdef HTTP_USE_GNUTLS #if HTTP_USE_NTBTLS
(void)err;
ntbtls_set_debug (tls_dbg, NULL, NULL);
#elif HTTP_USE_GNUTLS
rc = gnutls_global_init (); rc = gnutls_global_init ();
if (rc) if (rc)
log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc)); log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
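Review bot: The new `#if HTTP_USE_GNUTLS` guard compiles `verify_callback` out of the NTBTLS build, so in that configuration the test bench can no longer hand a verification callback to the http layer and `no_verify` becomes a static that nothing reads (a likely unused-variable warning, and the `--no-verify` switch stops meaning anything). Since `verify_callback` only forwards to `http_verify_server_credentials`, which exists for both stacks, the guard could be `#if HTTP_USE_NTBTLS || HTTP_USE_GNUTLS` instead of GNUTLS-only. Whether `main` still passes `verify_callback` when NTBTLS is selected is outside the shown hunks, so the warning-vs-link-error outcome there is inferred rather than verified.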
...@@ -61,9 +61,13 @@ NEED_LIBASSUAN_VERSION=2.1.0 ...@@ -61,9 +61,13 @@ NEED_LIBASSUAN_VERSION=2.1.0
NEED_KSBA_API=1 NEED_KSBA_API=1
NEED_KSBA_VERSION=1.2.0 NEED_KSBA_VERSION=1.2.0
NEED_NTBTLS_API=1
NEED_NTBTLS_VERSION=0.1.0
NEED_NPTH_API=1 NEED_NPTH_API=1
NEED_NPTH_VERSION=0.91 NEED_NPTH_VERSION=0.91
NEED_GNUTLS_VERSION=3.0 NEED_GNUTLS_VERSION=3.0
...@@ -88,6 +92,7 @@ have_gpg_error=no ...@@ -88,6 +92,7 @@ have_gpg_error=no
have_libgcrypt=no have_libgcrypt=no
have_libassuan=no have_libassuan=no
have_ksba=no have_ksba=no
have_ntbtls=no
have_npth=no have_npth=no
have_libusb=no have_libusb=no
have_adns=no have_adns=no
...@@ -101,6 +106,7 @@ card_support=yes ...@@ -101,6 +106,7 @@ card_support=yes
use_ccid_driver=yes use_ccid_driver=yes
use_standard_socket=yes use_standard_socket=yes
dirmngr_auto_start=yes dirmngr_auto_start=yes
use_tls_library=no
GNUPG_BUILD_PROGRAM(gpg, yes) GNUPG_BUILD_PROGRAM(gpg, yes)
GNUPG_BUILD_PROGRAM(gpgsm, yes) GNUPG_BUILD_PROGRAM(gpgsm, yes)
...@@ -126,6 +132,8 @@ AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION", ...@@ -126,6 +132,8 @@ AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION",
[Required version of Libgcrypt]) [Required version of Libgcrypt])
AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION", AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
[Required version of Libksba]) [Required version of Libksba])
AC_DEFINE_UNQUOTED(NEED_NTBTLS_VERSION, "$NEED_NTBTLS_VERSION",
[Required version of NTBTLS])
...@@ -841,27 +849,37 @@ else ...@@ -841,27 +849,37 @@ else
***]]) ***]])
fi fi
# #
# Check whether GNUTLS is available # NTBTLS is our TLS library. If it is not available fallback to
# GNUTLS.
# #
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION], AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
[have_gnutls=yes], [have_ntbtls=yes],[have_ntbtls=no])
[have_gnutls=no])
if test "$have_gnutls" = "yes"; then if test "$have_ntbtls" = yes ; then
AC_SUBST([LIBGNUTLS_CFLAGS]) use_tls_library=ntbtls
AC_SUBST([LIBGNUTLS_LIBS]) AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
else else
tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g') PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
AC_MSG_WARN([[ [have_gnutls=yes],
[have_gnutls=no])
if test "$have_gnutls" = "yes"; then
AC_SUBST([LIBGNUTLS_CFLAGS])
AC_SUBST([LIBGNUTLS_LIBS])
use_tls_library=gnutls
AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
else
tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
AC_MSG_WARN([[
*** ***
*** Building without GNUTLS - no TLS access to keyservers. *** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
*** ***
*** $tmp]]) *** $tmp]])
fi
fi fi
AC_MSG_NOTICE([checking for networking options]) AC_MSG_NOTICE([checking for networking options])
# #
...@@ -1788,7 +1806,7 @@ echo " ...@@ -1788,7 +1806,7 @@ echo "
Dirmngr auto start: $dirmngr_auto_start Dirmngr auto start: $dirmngr_auto_start
Readline support: $gnupg_cv_have_readline Readline support: $gnupg_cv_have_readline
DNS SRV support: $use_dns_srv DNS SRV support: $use_dns_srv
TLS support: $have_gnutls TLS support: $use_tls_library
" "
if test x"$use_regex" != xyes ; then if test x"$use_regex" != xyes ; then
echo " echo "
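Review bot: NTBTLS is chosen automatically whenever `ntbtls-config` is found and GNUTLS is then never probed, with no configure switch to opt out, so a build host that merely has the library installed silently swaps a working, verifying TLS backend for one the commit message itself calls forthcoming and for which http.c only stubs certificate verification. An experimental backend should be opt-in: add `AC_ARG_ENABLE([ntbtls], AS_HELP_STRING([--enable-ntbtls], [use the experimental NTBTLS library instead of GNUTLS]), [use_ntbtls=$enableval], [use_ntbtls=no])` and wrap the `AM_PATH_NTBTLS` call in `if test "$use_ntbtls" = yes; then ... fi`, or at minimum emit an `AC_MSG_WARN` when NTBTLS wins the selection. The commit message names the new variable `NEED_NTBTLS_ABI` while the code defines `NEED_NTBTLS_API`; one of the two should be corrected. Printing `$use_tls_library` in the summary is a good change, as it makes the chosen backend visible in the configure output.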
...@@ -63,7 +63,7 @@ endif ...@@ -63,7 +63,7 @@ endif
dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \ dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \ ../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
$(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
if !USE_LDAPWRAPPER if !USE_LDAPWRAPPER
dirmngr_LDADD += $(LDAPLIBS) dirmngr_LDADD += $(LDAPLIBS)
endif endif
...@@ -40,7 +40,12 @@ ...@@ -40,7 +40,12 @@
# include <signal.h> # include <signal.h>
#endif #endif
#include <npth.h> #include <npth.h>
#ifdef HTTP_USE_GNUTLS
#include "dirmngr-err.h"
#if HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h> # include <gnutls/gnutls.h>
#endif /*HTTP_USE_GNUTLS*/ #endif /*HTTP_USE_GNUTLS*/
...@@ -210,6 +215,7 @@ static ARGPARSE_OPTS opts[] = { ...@@ -210,6 +215,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_p_u (oDebug, "debug", "@"), ARGPARSE_p_u (oDebug, "debug", "@"),
ARGPARSE_s_n (oDebugAll, "debug-all", "@"), ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"), ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"),
ARGPARSE_s_i (oGnutlsDebug, "tls-debug", "@"),
ARGPARSE_s_i (oDebugWait, "debug-wait", "@"), ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"), ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_s_s (oHomedir, "homedir", "@"),
...@@ -244,7 +250,7 @@ static char *current_logfile; ...@@ -244,7 +250,7 @@ static char *current_logfile;
/* Helper to implement --debug-level. */ /* Helper to implement --debug-level. */
static const char *debug_level; static const char *debug_level;
/* Helper to set the GNUTLS log level. */ /* Helper to set the NTBTLS or GNUTLS log level. */
static int opt_gnutls_debug = -1; static int opt_gnutls_debug = -1;
/* Flag indicating that a shutdown has been requested. */ /* Flag indicating that a shutdown has been requested. */
...@@ -410,7 +416,12 @@ set_debug (void) ...@@ -410,7 +416,12 @@ set_debug (void)
if (opt.debug & DBG_CRYPTO_VALUE ) if (opt.debug & DBG_CRYPTO_VALUE )
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
#ifdef HTTP_USE_GNUTLS #if HTTP_USE_NTBTLS
if (opt_gnutls_debug >= 0)
{
ntbtls_set_debug (opt_gnutls_debug, NULL, NULL);
}
#elif HTTP_USE_GNUTLS
if (opt_gnutls_debug >= 0) if (opt_gnutls_debug >= 0)
{ {
gnutls_global_set_log_function (my_gnutls_log); gnutls_global_set_log_function (my_gnutls_log);
...@@ -669,8 +680,12 @@ main (int argc, char **argv) ...@@ -669,8 +680,12 @@ main (int argc, char **argv)
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free ); ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
ksba_set_hash_buffer_function (my_ksba_hash_buffer, NULL); ksba_set_hash_buffer_function (my_ksba_hash_buffer, NULL);
/* Init GNUTLS. */ /* Init TLS library. */
#ifdef HTTP_USE_GNUTLS #if HTTP_USE_NTBTLS
if (!ntbtls_check_version (NEED_NTBTLS_VERSION) )
log_fatal( _("%s is too old (need %s, have %s)\n"), "ntbtls",
NEED_NTBTLS_VERSION, ntbtls_check_version (NULL) );
#elif HTTP_USE_GNUTLS
rc = gnutls_global_init (); rc = gnutls_global_init ();
if (rc) if (rc)
log_fatal ("gnutls_global_init failed: %s\n", gnutls_strerror (rc)); log_fatal ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
...@@ -4,7 +4,7 @@ EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4 ...@@ -4,7 +4,7 @@ EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4
EXTRA_DIST += gnupg-pth.m4 EXTRA_DIST += gnupg-pth.m4
EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 ntbtls.m4
EXTRA_DIST += autobuild.m4 EXTRA_DIST += autobuild.m4
dnl Autoconf macros for NTBTLS
dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
dnl
dnl This file is free software; as a special exception the author gives
dnl unlimited permission to copy and/or distribute it, with or without
dnl modifications, as long as this notice is preserved.
dnl
dnl This file is distributed in the hope that it will be useful, but
dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
dnl AM_PATH_NTBTLS([MINIMUM-VERSION,
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl
dnl Test for NTBTLS and define NTBTLS_CFLAGS and NTBTLS_LIBS.
dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
dnl with the API version to also check the API compatibility. Example:
dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl
AC_DEFUN([AM_PATH_NTBTLS],
[ AC_REQUIRE([AC_CANONICAL_HOST])
AC_ARG_WITH(ntbtls-prefix,
AC_HELP_STRING([--with-ntbtls-prefix=PFX],
[prefix where NTBTLS is installed (optional)]),
ntbtls_config_prefix="$withval", ntbtls_config_prefix="")
if test x"${NTBTLS_CONFIG}" = x ; then
if test x"${ntbtls_config_prefix}" != x ; then
NTBTLS_CONFIG="${ntbtls_config_prefix}/bin/ntbtls-config"
else
case "${SYSROOT}" in
/*)
if test -x "${SYSROOT}/bin/ntbtls-config" ; then
NTBTLS_CONFIG="${SYSROOT}/bin/ntbtls-config"
fi
;;
'')
;;
*)
AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
;;
esac
fi
fi
AC_PATH_PROG(NTBTLS_CONFIG, ntbtls-config, no)
tmp=ifelse([$1], ,1:1.0.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_ntbtls_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
min_ntbtls_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
else
req_ntbtls_api=0
min_ntbtls_version="$tmp"
fi
AC_MSG_CHECKING(for NTBTLS - version >= $min_ntbtls_version)
ok=no
if test "$NTBTLS_CONFIG" != "no" ; then
req_major=`echo $min_ntbtls_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
req_minor=`echo $min_ntbtls_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
req_micro=`echo $min_ntbtls_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
ntbtls_config_version=`$NTBTLS_CONFIG --version`
major=`echo $ntbtls_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
minor=`echo $ntbtls_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
micro=`echo $ntbtls_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
if test "$major" -gt "$req_major"; then
ok=yes
else
if test "$major" -eq "$req_major"; then
if test "$minor" -gt "$req_minor"; then
ok=yes
else
if test "$minor" -eq "$req_minor"; then
if test "$micro" -ge "$req_micro"; then
ok=yes
fi
fi
fi
fi
fi
fi
if test $ok = yes; then
AC_MSG_RESULT([yes ($ntbtls_config_version)])
else
AC_MSG_RESULT(no)