Diffstat (limited to 'gweb/giognutls.c')
-rwxr-xr-x | gweb/giognutls.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/gweb/giognutls.c b/gweb/giognutls.c
index 09dc9e72..a790eca6 100755
--- a/gweb/giognutls.c
+++ b/gweb/giognutls.c
@@ -29,6 +29,7 @@
 #include <unistd.h>
 #include <gnutls/gnutls.h>
+#include <tpkp_gnutls.h>
 #include "giognutls.h"
@@ -235,6 +236,8 @@ static void g_io_gnutls_free(GIOChannel *channel)
 gnutls_deinit(gnutls_channel->session);
+ tpkp_gnutls_cleanup();
+ gnutls_certificate_free_credentials(gnutls_channel->cred);
 g_free(gnutls_channel);
@@ -459,6 +462,12 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
 "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT", NULL);
 #endif
+ gnutls_certificate_set_verify_function(gnutls_channel->cred, &tpkp_gnutls_verify_callback);
+ /*
+ * TODO: get ca-bundle path build-time configuration unless gnutls set it as a default
+ */
+ gnutls_certificate_set_x509_trust_file(gnutls_channel->cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_allocate_credentials(&gnutls_channel->cred);
 gnutls_credentials_set(gnutls_channel->session, GNUTLS_CRD_CERTIFICATE, gnutls_channel->cred); |
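Review bot: `tpkp_gnutls_cleanup()` in the second hunk is called without the session or channel, so it is not clear from the hunk whose pinning state it releases. If that state is per thread or process-wide rather than per session (not visible here), freeing one channel could clear data that another channel on the same thread still needs during its handshake. A short comment above the call stating the scope, e.g. `/* releases tpkp state for <scope>; no other TLS channel may be mid-handshake here */`, would document the assumption. `g_io_gnutls_free` starts and ends outside the hunk.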
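Review bot: In the third hunk both added calls operate on `gnutls_channel->cred` before `gnutls_certificate_allocate_credentials(&gnutls_channel->cred)`, which comes after them, so the verify callback and trust file are set on a credentials pointer that is not yet allocated and are at best discarded when the allocation overwrites it. Unless `cred` is set up earlier in `g_io_channel_gnutls_new` (its body starts outside the hunk), the two calls should move below the allocation so the pinning callback and CA bundle are attached to the credentials passed to `gnutls_credentials_set`. The result of `gnutls_certificate_set_x509_trust_file` is also ignored; it returns the number of certificates loaded or a negative error, so a check such as `if (ret <= 0)` with an error path would make a missing `/etc/ssl/ca-bundle.pem` visible instead of silent.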