Lines 60-65
Link Here
|
60 |
#undef HAVE_GCRYPT_RAND |
60 |
#undef HAVE_GCRYPT_RAND |
61 |
#endif |
61 |
#endif |
62 |
|
62 |
|
|
|
63 |
#if LIBGNUTLS_VERSION_NUMBER >= 0x030000 |
64 |
#define HAVE_GNUTLS_CERTIFICATE_GET_ISSUER 1 |
65 |
#else |
66 |
#undef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER |
67 |
#endif |
68 |
|
63 |
#ifndef HAVE_CIPHERSUITES |
69 |
#ifndef HAVE_CIPHERSUITES |
64 |
/* Versions prior to 2.2.0 didn't handle cipher suites, so we had to |
70 |
/* Versions prior to 2.2.0 didn't handle cipher suites, so we had to |
65 |
* kludge them ourselves. |
71 |
* kludge them ourselves. |
Lines 368-373
tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
Link Here
|
368 |
* then we have to build the cert chain. |
374 |
* then we have to build the cert chain. |
369 |
*/ |
375 |
*/ |
370 |
if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) { |
376 |
if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) { |
|
|
377 |
#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER |
378 |
gnutls_x509_crt_t issuer; |
379 |
unsigned int i; |
380 |
|
381 |
for ( i = 1; i<VERIFY_DEPTH; i++ ) { |
382 |
/* If no CA is known, we're done */ |
383 |
if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], |
384 |
&issuer, 0 ) ) |
385 |
break; |
386 |
certs[i] = issuer; |
387 |
max++; |
388 |
/* If this CA is self-signed, we're done */ |
389 |
if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] )) |
390 |
break; |
391 |
} |
392 |
#else |
371 |
gnutls_x509_crt_t *cas; |
393 |
gnutls_x509_crt_t *cas; |
372 |
unsigned int i, j, ncas; |
394 |
unsigned int i, j, ncas; |
373 |
|
395 |
|
Lines 387-392
tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
Link Here
|
387 |
if ( j == ncas ) |
409 |
if ( j == ncas ) |
388 |
break; |
410 |
break; |
389 |
} |
411 |
} |
|
|
412 |
#endif /* !defined HAVE_GNUTLS_CERTIFICATE_GET_ISSUER */ |
390 |
} |
413 |
} |
391 |
rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key ); |
414 |
rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key ); |
392 |
if ( rc ) return -1; |
415 |
if ( rc ) return -1; |
393 |
- |
|
|