author | hyunuktak <hyunuk.tak@samsung.com> | 2015-12-17 10:11:42 +0900 |
---|---|---|
committer | hyunuktak <hyunuk.tak@samsung.com> | 2015-12-17 10:11:54 +0900 |
commit | c920cd5d1d2fc6054d8a35a60ee40f323aa32cd6 (patch) | |
tree | 03e632d3eb1cdf03477a4a200619444bdd5c98bf /gweb | |
parent | f4b6dfbed5104504344038b3b522391ac8d19d81 (diff) | |
Apply tpkp-gnutls
Change-Id: I291b210c7f241492df945d565d9d44c7ad57054f
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Diffstat (limited to 'gweb')
-rwxr-xr-x | gweb/giognutls.c | 9 | ||||
-rwxr-xr-x | gweb/gweb.c | 3 |
2 files changed, 12 insertions, 0 deletions
diff --git a/gweb/giognutls.c b/gweb/giognutls.c index 09dc9e72..a790eca6 100755 --- a/gweb/giognutls.c +++ b/gweb/giognutls.c @@ -29,6 +29,7 @@ #include <unistd.h> #include <gnutls/gnutls.h> +#include <tpkp_gnutls.h> #include "giognutls.h" @@ -235,6 +236,8 @@ static void g_io_gnutls_free(GIOChannel *channel) gnutls_deinit(gnutls_channel->session); + tpkp_gnutls_cleanup(); + gnutls_certificate_free_credentials(gnutls_channel->cred); g_free(gnutls_channel); @@ -459,6 +462,12 @@ GIOChannel *g_io_channel_gnutls_new(int fd) "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT", NULL); #endif + gnutls_certificate_set_verify_function(gnutls_channel->cred, &tpkp_gnutls_verify_callback); + /* + * TODO: get ca-bundle path build-time configuration unless gnutls set it as a default + */ + gnutls_certificate_set_x509_trust_file(gnutls_channel->cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM); + gnutls_certificate_allocate_credentials(&gnutls_channel->cred); gnutls_credentials_set(gnutls_channel->session, GNUTLS_CRD_CERTIFICATE, gnutls_channel->cred); diff --git a/gweb/gweb.c b/gweb/gweb.c index ec37a488..99709caa 100755 --- a/gweb/gweb.c +++ b/gweb/gweb.c @@ -39,6 +39,8 @@ #include <netinet/tcp.h> #include <ifaddrs.h> +#include <tpkp_gnutls.h> + #include "giognutls.h" #include "gresolv.h" #include "gweb.h" @@ -1054,6 +1056,7 @@ static int connect_session_transport(struct web_session *session) if (session->flags & SESSION_FLAG_USE_TLS) { debug(session->web, "using TLS encryption"); + tpkp_gnutls_set_url_data(session->host); session->transport_channel = g_io_channel_gnutls_new(sk); } else { debug(session->web, "no encryption"); |
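Review bot: `tpkp_gnutls_cleanup()` in g_io_gnutls_free takes no channel or session argument, and neither does `tpkp_gnutls_set_url_data(session->host)` in the gweb.c hunk, so the host to pin against appears to live in library-side state rather than on the channel. If two TLS sessions can overlap, a later set or an earlier channel's cleanup could leave the verify callback checking the wrong host or none; whether the library guards against that is not visible here. Until that is confirmed, record the assumption next to the call, e.g. `/* tpkp state is ambient, not per channel: assumes a single TLS channel in flight */`. The body of g_io_gnutls_free starts and ends outside the hunk.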
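Review bot: In the g_io_channel_gnutls_new hunk, `gnutls_certificate_set_verify_function(...)` and `gnutls_certificate_set_x509_trust_file(...)` run on `gnutls_channel->cred` before `gnutls_certificate_allocate_credentials(&gnutls_channel->cred)`. The credentials object they configure is therefore not the one later bound with `gnutls_credentials_set`, so as ordered the calls either touch an unallocated pointer or have their settings dropped by the allocation, and the session would run without the pinning callback or the CA bundle. Both calls should move below the allocate line. The trust-file result should also be checked, since the function returns the number of certificates loaded or a negative error: `if (gnutls_certificate_set_x509_trust_file(gnutls_channel->cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM) <= 0)` followed by the function's existing failure path, which is outside the hunk.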
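Review bot: Nothing in the connect_session_transport hunk checks whether `tpkp_gnutls_set_url_data(session->host)` succeeded before `g_io_channel_gnutls_new(sk)` is called. If the call can report failure (its prototype is not visible here), the TLS channel is still created and the verify callback would run without the expected host data. Consider failing the connect in that case, or add a comment stating why the result can be ignored. The function body continues outside the hunk.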