Diffstat (limited to 'gweb')
-rwxr-xr-xgweb/giognutls.c9
-rwxr-xr-xgweb/gweb.c3
2 files changed, 12 insertions, 0 deletions
diff --git a/gweb/giognutls.c b/gweb/giognutls.c
index 09dc9e72..a790eca6 100755
--- a/gweb/giognutls.c
+++ b/gweb/giognutls.c
@@ -29,6 +29,7 @@
#include <unistd.h>
#include <gnutls/gnutls.h>
+#include <tpkp_gnutls.h>
#include "giognutls.h"
@@ -235,6 +236,8 @@ static void g_io_gnutls_free(GIOChannel *channel)
gnutls_deinit(gnutls_channel->session);
+ tpkp_gnutls_cleanup();
+
gnutls_certificate_free_credentials(gnutls_channel->cred);
g_free(gnutls_channel);
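Review bot: The new `tpkp_gnutls_cleanup()` call at the top of this hunk is tied to the lifetime of one GIOChannel, but the tpkp API takes no per-channel handle (compare `tpkp_gnutls_set_url_data(session->host)` in gweb.c), so the state it tears down looks process-global rather than per-session. If that is the case, freeing one TLS channel while another session is still handshaking would discard the other session's pin data; whether the library refcounts this cannot be told from here. I would note the assumption next to the call, e.g. `/* NOTE: tpkp state appears global, not per-channel — confirm cleanup is safe with concurrent TLS sessions */`, and verify it against the tpkp_gnutls implementation. g_io_gnutls_free begins outside this hunk.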
@@ -459,6 +462,12 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
"NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT", NULL);
#endif
+ gnutls_certificate_set_verify_function(gnutls_channel->cred, &tpkp_gnutls_verify_callback);
+ /*
+ * TODO: get ca-bundle path build-time configuration unless gnutls set it as a default
+ */
+ gnutls_certificate_set_x509_trust_file(gnutls_channel->cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM);
+
gnutls_certificate_allocate_credentials(&gnutls_channel->cred);
gnutls_credentials_set(gnutls_channel->session,
GNUTLS_CRD_CERTIFICATE, gnutls_channel->cred);
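Review bot: The two added calls operate on `gnutls_channel->cred` before `gnutls_certificate_allocate_credentials(&gnutls_channel->cred)` runs on the following context line, so they act on an unallocated credentials pointer and whatever they set is then replaced by the fresh allocation — the pinning verify callback and the trust file never reach the credentials actually attached to the session, and the verification this commit intends to add is silently not in effect. The fix is to move both calls after the allocation. The return value of `gnutls_certificate_set_x509_trust_file` (number of certificates loaded, negative on error) is also discarded, so a missing or unreadable `/etc/ssl/ca-bundle.pem` would leave the channel with an empty trust store; how that failure is propagated depends on the function's cleanup path, which lies outside the hunk. Note that installing a custom verify function bypasses GnuTLS's built-in chain verification, so `tpkp_gnutls_verify_callback` must itself perform (or delegate to) `gnutls_certificate_verify_peers` and return non-zero to abort the handshake; that cannot be confirmed from this diff. The hard-coded bundle path and the still-enabled SSL3.0/TLS1.0 in the priority string above are worth tracking, but the ordering bug is the blocker.
```c
	gnutls_certificate_allocate_credentials(&gnutls_channel->cred);
	gnutls_certificate_set_verify_function(gnutls_channel->cred,
						&tpkp_gnutls_verify_callback);
	/* TODO: take the CA bundle path from build-time configuration */
	if (gnutls_certificate_set_x509_trust_file(gnutls_channel->cred,
				"/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM) < 0) {
		/* no trusted roots loaded: fail channel creation via the
		 * function's existing cleanup path (outside this hunk) */
	}
	gnutls_credentials_set(gnutls_channel->session,
				GNUTLS_CRD_CERTIFICATE, gnutls_channel->cred);
```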
diff --git a/gweb/gweb.c b/gweb/gweb.c
index ec37a488..99709caa 100755
--- a/gweb/gweb.c
+++ b/gweb/gweb.c
@@ -39,6 +39,8 @@
#include <netinet/tcp.h>
#include <ifaddrs.h>
+#include <tpkp_gnutls.h>
+
#include "giognutls.h"
#include "gresolv.h"
#include "gweb.h"
@@ -1054,6 +1056,7 @@ static int connect_session_transport(struct web_session *session)
if (session->flags & SESSION_FLAG_USE_TLS) {
debug(session->web, "using TLS encryption");
+ tpkp_gnutls_set_url_data(session->host);
session->transport_channel = g_io_channel_gnutls_new(sk);
} else {
debug(session->web, "no encryption");
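Review bot: The result of `tpkp_gnutls_set_url_data(session->host)` is discarded, so if the call can fail (the diff does not show its signature) the channel on the next line is still created and the handshake proceeds with no pin data for this host. If it returns a status, gate the channel creation on it, e.g. `if (tpkp_gnutls_set_url_data(session->host) != 0) return -EIO;` with whatever error convention connect_session_transport uses elsewhere in its body, which lies outside the hunk. Because the helper takes only a hostname and no session handle, it presumably stores the URL in global state that the later verify callback reads; a short comment here saying that the call must immediately precede `g_io_channel_gnutls_new` and that concurrent TLS sessions may clobber each other would help the next maintainer.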