authorhyunuktak <hyunuk.tak@samsung.com>2015-12-17 10:11:42 +0900
committerhyunuktak <hyunuk.tak@samsung.com>2015-12-17 10:11:54 +0900
commitc920cd5d1d2fc6054d8a35a60ee40f323aa32cd6 (patch)
tree03e632d3eb1cdf03477a4a200619444bdd5c98bf
parentf4b6dfbed5104504344038b3b522391ac8d19d81 (diff)
Apply tpkp-gnutls
Change-Id: I291b210c7f241492df945d565d9d44c7ad57054f Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
-rwxr-xr-xMakefile.am11
-rwxr-xr-xconfigure.ac5
-rwxr-xr-xgweb/giognutls.c9
-rwxr-xr-xgweb/gweb.c3
-rwxr-xr-xpackaging/connman.spec1
5 files changed, 24 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am
index afe412cc..7fda2139 100755
--- a/Makefile.am
+++ b/Makefile.am
@@ -118,6 +118,7 @@ src_connmand_SOURCES = $(gdhcp_sources) $(gweb_sources) \
src_connmand_LDADD = gdbus/libgdbus-internal.la $(builtin_libadd) \
@GLIB_LIBS@ @DBUS_LIBS@ @XTABLES_LIBS@ @GNUTLS_LIBS@ \
+ @TPKP_GNUTLS_LIBS@ \
-lresolv -ldl -lrt
src_connmand_LDFLAGS = -Wl,--export-dynamic \
@@ -146,7 +147,7 @@ vpn_connman_vpnd_SOURCES = $(builtin_vpn_sources) \
vpn/vpn-config.c
vpn_connman_vpnd_LDADD = gdbus/libgdbus-internal.la $(builtin_vpn_libadd) \
- @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ \
+ @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ @TPKP_GNUTLS_LIBS@ \
-lresolv -ldl
vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \
@@ -192,7 +193,7 @@ endif
endif
AM_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ @XTABLES_CFLAGS@ \
- @GNUTLS_CFLAGS@ $(builtin_cflags) \
+ @GNUTLS_CFLAGS@ @TPKP_GNUTLS_CFLAGS@ $(builtin_cflags) \
-DCONNMAN_PLUGIN_BUILTIN \
-DSTATEDIR=\""$(statedir)"\" \
-DVPN_STATEDIR=\""$(vpn_statedir)"\" \
@@ -209,7 +210,7 @@ AM_CPPFLAGS = -I$(builddir)/include -I$(builddir)/src -I$(srcdir)/gdbus
endif
src_connmand_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ @XTABLES_CFLAGS@ \
- @GNUTLS_CFLAGS@ $(builtin_cflags) \
+ @GNUTLS_CFLAGS@ @TPKP_GNUTLS_CFLAGS@ $(builtin_cflags) \
-DCONNMAN_PLUGIN_BUILTIN \
-DSTATEDIR=\""$(statedir)"\" \
-DPLUGINDIR=\""$(build_plugindir)"\" \
@@ -276,7 +277,7 @@ if WISPR
noinst_PROGRAMS += tools/wispr
tools_wispr_SOURCES = $(gweb_sources) tools/wispr.c
-tools_wispr_LDADD = @GLIB_LIBS@ @GNUTLS_LIBS@ -lresolv
+tools_wispr_LDADD = @GLIB_LIBS@ @GNUTLS_LIBS@ @TPKP_GNUTLS_LIBS@ -lresolv
endif
if TOOLS
@@ -296,7 +297,7 @@ tools_supplicant_test_LDADD = gdbus/libgdbus-internal.la \
@GLIB_LIBS@ @DBUS_LIBS@
tools_web_test_SOURCES = $(gweb_sources) tools/web-test.c
-tools_web_test_LDADD = @GLIB_LIBS@ @GNUTLS_LIBS@ -lresolv
+tools_web_test_LDADD = @GLIB_LIBS@ @GNUTLS_LIBS@ @TPKP_GNUTLS_LIBS@ -lresolv
tools_resolv_test_SOURCES = gweb/gresolv.h gweb/gresolv.c tools/resolv-test.c
tools_resolv_test_LDADD = @GLIB_LIBS@ -lresolv
diff --git a/configure.ac b/configure.ac
index 35d8f982..ca70ac59 100755
--- a/configure.ac
+++ b/configure.ac
@@ -261,6 +261,11 @@ PKG_CHECK_MODULES(XTABLES, xtables >= 1.4.11, dummy=yes,
AC_SUBST(XTABLES_CFLAGS)
AC_SUBST(XTABLES_LIBS)
+PKG_CHECK_MODULES(TPKP_GNUTLS, tpkp-gnutls, dummy=yes,
+ AC_MSG_ERROR(tpkp-gnutls library is required))
+AC_SUBST(TPKP_GNUTLS_CFLAGS)
+AC_SUBST(TPKP_GNUTLS_LIBS)
+
AC_ARG_ENABLE(test, AC_HELP_STRING([--enable-test],
[enable test/example scripts]), [enable_test=${enableval}])
AM_CONDITIONAL(TEST, test "${enable_test}" = "yes")
diff --git a/gweb/giognutls.c b/gweb/giognutls.c
index 09dc9e72..a790eca6 100755
--- a/gweb/giognutls.c
+++ b/gweb/giognutls.c
@@ -29,6 +29,7 @@
#include <unistd.h>
#include <gnutls/gnutls.h>
+#include <tpkp_gnutls.h>
#include "giognutls.h"
@@ -235,6 +236,8 @@ static void g_io_gnutls_free(GIOChannel *channel)
gnutls_deinit(gnutls_channel->session);
+ tpkp_gnutls_cleanup();
+
gnutls_certificate_free_credentials(gnutls_channel->cred);
g_free(gnutls_channel);
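Review bot: `tpkp_gnutls_cleanup()` takes no argument, so the call added in g_io_gnutls_free cannot be scoped to the channel being freed. If the library keeps the data registered by `tpkp_gnutls_set_url_data()` per thread rather than per session (this should be confirmed against the tpkp-gnutls documentation), freeing one channel would discard the pinning context of any other TLS channel still in flight on the same thread. At minimum the intended lifetime should be documented here, for example `/* pin data is per-thread: assumes only one TLS channel per thread is active at a time */`. The body of g_io_gnutls_free starts and ends outside the hunk.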
@@ -459,6 +462,12 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
"NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT", NULL);
#endif
+ gnutls_certificate_set_verify_function(gnutls_channel->cred, &tpkp_gnutls_verify_callback);
+ /*
+ * TODO: get ca-bundle path build-time configuration unless gnutls set it as a default
+ */
+ gnutls_certificate_set_x509_trust_file(gnutls_channel->cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM);
+
gnutls_certificate_allocate_credentials(&gnutls_channel->cred);
gnutls_credentials_set(gnutls_channel->session,
GNUTLS_CRD_CERTIFICATE, gnutls_channel->cred);
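Review bot: The two added calls use `gnutls_channel->cred` before the following line, `gnutls_certificate_allocate_credentials(&gnutls_channel->cred)`, has allocated it. The verify callback and the trust file are therefore set on an unallocated handle, and the credentials that are then attached to the session carry neither, so pin checking and CA verification would not be in effect for this channel, and the early calls may dereference an invalid pointer. Move both calls below the allocation and stop ignoring the trust-file result, e.g. `if (gnutls_certificate_set_x509_trust_file(gnutls_channel->cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM) < 0)` followed by the function's failure path. g_io_channel_gnutls_new starts and ends outside the hunk, so the correct cleanup on error is not visible here.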
diff --git a/gweb/gweb.c b/gweb/gweb.c
index ec37a488..99709caa 100755
--- a/gweb/gweb.c
+++ b/gweb/gweb.c
@@ -39,6 +39,8 @@
#include <netinet/tcp.h>
#include <ifaddrs.h>
+#include <tpkp_gnutls.h>
+
#include "giognutls.h"
#include "gresolv.h"
#include "gweb.h"
@@ -1054,6 +1056,7 @@ static int connect_session_transport(struct web_session *session)
if (session->flags & SESSION_FLAG_USE_TLS) {
debug(session->web, "using TLS encryption");
+ tpkp_gnutls_set_url_data(session->host);
session->transport_channel = g_io_channel_gnutls_new(sk);
} else {
debug(session->web, "no encryption");
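Review bot: The result of `tpkp_gnutls_set_url_data(session->host)` is discarded, so if registering the host fails, the TLS channel is still created and the handshake runs with no pinning context, or with one left over from an earlier session. The call should be compared against the library's success value, and connect_session_transport should return an error before `g_io_channel_gnutls_new(sk)` when it fails. The argument is also a bare host name while the function name refers to URL data; it is worth confirming that the library accepts that form and that `session->host` cannot be NULL at this point. The function body starts and ends outside the hunk.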
diff --git a/packaging/connman.spec b/packaging/connman.spec
index a802c5aa..4dabaedc 100755
--- a/packaging/connman.spec
+++ b/packaging/connman.spec
@@ -12,6 +12,7 @@ BuildRequires: pkgconfig(libiptc)
BuildRequires: pkgconfig(xtables)
BuildRequires: pkgconfig(gnutls)
BuildRequires: pkgconfig(libsmack)
+BuildRequires: pkgconfig(tpkp-gnutls)
BuildRequires: readline-devel
#%systemd_requires
Requires: iptables