View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001390 | SOGo | SOPE | public | 2011-07-20 14:47 | 2012-10-25 18:18 |
Reporter | dekkers | Assigned To | ludovic | ||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | resolved | Resolution | fixed | ||
Fixed in Version | 2.0.2 | ||||
Summary | 0001390: Add support for GnuTLS | ||||
Description | The attached patch adds suport for GnuTLS. I patched the configure script so that it first checks for GnuTLS, if that isn't available it checks for OpenSSL. I wanted to do it the other way around but libpq-dev depends on libssl-dev (OpenSSL), so it would always find OpenSSL and use that. | ||||
Tags | No tags attached. | ||||
parent of | 0001755 | resolved | GnuTLS support for SOGo |
2011-07-20 14:47
|
use-gnutls.patch (6,609 bytes)
--- a/configure +++ b/configure @@ -426,6 +426,7 @@ cd $tmpdir cp ../maintenance/dummytool.c . + OLDLIBS=$LIBS for LIB in $1;do LIBS="$LIBS -l${LIB}" done @@ -458,11 +459,14 @@ else echo "failed to link $2 library: $1" cfgwrite "HAS_LIBRARY_$1=no" + LIBS=$OLDLIBS fi fi cd $oldpwd rm -rf $tmpdir + + return $LINK_RESULT } checkDependencies() { @@ -470,7 +474,10 @@ cfgwrite "# library dependencies" checkLinking "xml2" optional; checkLinking "ldap" optional; - checkLinking "ssl" required; # TODO: make optional + checkLinking "gnutls" optional; + if test $? != 0; then + checkLinking "ssl" required; + fi checkLinking "pq" optional; # checkLinking "sqlite3" optional; cfgwrite "HAS_LIBRARY_sqlite3=no" --- a/sope-core/NGStreams/GNUmakefile.preamble +++ b/sope-core/NGStreams/GNUmakefile.preamble @@ -47,9 +47,13 @@ # activating SSL support -ifneq ($(ssl),no) libNGStreams_OBJC_FILES += NGActiveSSLSocket.m NGStreams_OBJC_FILES += NGActiveSSLSocket.m +ifeq ($(HAS_LIBRARY_gnutls),yes) +ADDITIONAL_CPPFLAGS += -DHAVE_GNUTLS=1 +libNGStreams_LIBRARIES_DEPEND_UPON += -lgnutls +NGStreams_LIBRARIES_DEPEND_UPON += -lgnutls +else ADDITIONAL_CPPFLAGS += -DHAVE_OPENSSL=1 -DOPENSSL_NO_KRB5 libNGStreams_LIBRARIES_DEPEND_UPON += -lssl -lcrypto NGStreams_LIBRARIES_DEPEND_UPON += -lssl -lcrypto --- a/sope-core/NGStreams/NGActiveSSLSocket.m +++ b/sope-core/NGStreams/NGActiveSSLSocket.m @@ -1,5 +1,6 @@ /* Copyright (C) 2000-2005 SKYRIX Software AG + Copyright (C) 2011 Jeroen Dekkers <jeroen@dekkers.ch> This file is part of SOPE. @@ -22,7 +23,9 @@ #include <NGStreams/NGActiveSSLSocket.h> #include "common.h" -#if HAVE_OPENSSL +#if HAVE_GNUTLS +# include <gnutls/gnutls.h> +#elif HAVE_OPENSSL # define id openssl_id # include <openssl/ssl.h> # include <openssl/err.h> @@ -35,7 +38,144 @@ @implementation NGActiveSSLSocket -#if HAVE_OPENSSL +#if HAVE_GNUTLS +- (id)initWithDomain:(id<NGSocketDomain>)_domain { + if ((self = [super initWithDomain:_domain])) { + //BIO *bio_err; + static BOOL didGlobalInit = NO; + int ret; + + if (!didGlobalInit) { + /* Global system initialization*/ + if (gnutls_global_init()) { + [self release]; + return nil; + } + + didGlobalInit = YES; + } + + ret = gnutls_certificate_allocate_credentials ((gnutls_certificate_credentials_t *) &self->cred); + if ( ret) + { + NSLog(@"ERROR(%s): couldn't create GnuTLS credentials (%s)", + __PRETTY_FUNCTION__, gnutls_strerror(ret)); + [self release]; + return nil; + } + + self->session = NULL; + } + return self; +} + +- (void)dealloc { + if (self->session) { + gnutls_deinit((gnutls_session_t) self->session); + self->session = NULL; + } + if (self->cred) { + gnutls_certificate_free_credentials((gnutls_certificate_credentials_t) self->cred); + self->cred = NULL; + } + [super dealloc]; +} + +/* basic IO, reading and writing bytes */ + +- (unsigned)readBytes:(void *)_buf count:(unsigned)_len { + ssize_t ret; + + if (self->session == NULL) + // should throw error + return NGStreamError; + + + ret = gnutls_record_recv((gnutls_session_t) self->session, _buf, _len); + if (ret < 0) + return NGStreamError; + else + return ret; +} +- (unsigned)writeBytes:(const void *)_buf count:(unsigned)_len { + ssize_t ret; + + if (self->session == NULL) + // should throw error + return NGStreamError; + + ret = gnutls_record_send((gnutls_session_t) self->session, _buf, _len); + if (ret < 0) + return NGStreamError; + else + return ret; +} + +/* connection and shutdown */ + +- (BOOL)markNonblockingAfterConnect { + return NO; +} + +- (BOOL) startTLS +{ + int ret; + + ret = gnutls_init((gnutls_session_t *) &self->session, GNUTLS_CLIENT); + if (ret) { + // should set exception ! + NSLog(@"ERROR(%s): couldn't create GnuTLS session (%s)", + __PRETTY_FUNCTION__, gnutls_strerror(ret)); + return NO; + } + + gnutls_priority_set_direct (session, "NORMAL", NULL); + + ret = gnutls_credentials_set((gnutls_session_t) self->session, GNUTLS_CRD_CERTIFICATE, (gnutls_certificate_credentials_t) self->cred); + if (ret) { + // should set exception ! + NSLog(@"ERROR(%s): couldn't set GnuTLS credentials (%s)", + __PRETTY_FUNCTION__, gnutls_strerror(ret)); + return NO; + } + + gnutls_transport_set_ptr((gnutls_session_t) self->session, (gnutls_transport_ptr_t) self->fd); + + ret = gnutls_handshake((gnutls_session_t) self->session); + if (ret) { + NSLog(@"ERROR(%s): couldn't setup SSL connection on socket (%s)", + __PRETTY_FUNCTION__, gnutls_strerror(ret)); + if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { + NSLog(@"Alert: %s", gnutls_alert_get_name(gnutls_alert_get(self->session))); + } + [self shutdown]; + return NO; + } + + return YES; +} + +- (BOOL)primaryConnectToAddress:(id<NGSocketAddress>)_address { + if (![super primaryConnectToAddress:_address]) + /* could not connect to Unix socket ... */ + return NO; + + return [self startTLS]; +} + +- (BOOL)shutdown { + if (self->session) { + gnutls_deinit((gnutls_session_t) self->session); + self->session = NULL; + } + if (self->cred) { + gnutls_certificate_free_credentials((gnutls_certificate_credentials_t) self->cred); + self->cred = NULL; + } + return [super shutdown]; +} + +#elif HAVE_OPENSSL #if STREAM_BIO static int streamBIO_bwrite(BIO *, const char *, int) { --- a/sope-core/NGStreams/NGStreams/NGActiveSSLSocket.h +++ b/sope-core/NGStreams/NGStreams/NGActiveSSLSocket.h @@ -1,5 +1,6 @@ /* Copyright (C) 2000-2005 SKYRIX Software AG + Copyright (C) 2011 Jeroen Dekkers <jeroen@dekkers.ch> This file is part of SOPE. @@ -22,12 +23,18 @@ #define __NGNet_NGActiveSSLSocket_H__ #include <NGStreams/NGActiveSocket.h> +#include "../config.h" @interface NGActiveSSLSocket : NGActiveSocket { +#ifdef HAVE_GNUTLS + void *cred; /* real type: gnutls_certificate_credentials_t */ + void *session; /* real type: gnutls_session_t */ +#else void *ctx; /* real type: SSL_CTX */ void *ssl; /* real type: SSL */ void *sbio; /* real type: BIO (basic input/output) */ +#endif } - (BOOL) startTLS; --- a/sope-ldap/NGLdap/GNUmakefile.preamble +++ b/sope-ldap/NGLdap/GNUmakefile.preamble @@ -40,9 +40,6 @@ ifeq ($(sasl),yes) libNGLdap_LIBRARIES_DEPEND_UPON += -lsasl endif -ifneq ($(nossl),yes) -libNGLdap_LIBRARIES_DEPEND_UPON += -lssl -endif else # is NeXT/Apple Foundation |
Patch applied to SOPE. |
|
Reversed for now. Please provide a patch for SOGo too as it uses some crypto functions in OpenSSL. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2011-07-20 14:47 | dekkers | New Issue | |
2011-07-20 14:47 | dekkers | File Added: use-gnutls.patch | |
2011-07-29 13:56 | ludovic | Note Added: 0002767 | |
2011-07-29 13:56 | ludovic | Status | new => resolved |
2011-07-29 13:56 | ludovic | Resolution | open => fixed |
2011-07-29 13:56 | ludovic | Assigned To | => ludovic |
2011-07-29 18:50 | ludovic | Note Added: 0002768 | |
2011-07-29 18:50 | ludovic | Status | resolved => feedback |
2011-07-29 18:50 | ludovic | Resolution | fixed => reopened |
2012-10-14 21:42 |
|
Relationship added | parent of 0001755 |
2012-10-25 18:18 |
|
Status | feedback => resolved |
2012-10-25 18:18 |
|
Fixed in Version | => 2.0.2 |
2012-10-25 18:18 |
|
Resolution | reopened => fixed |