#! /bin/sh /usr/share/dpatch/dpatch-run
## 01-fix-gnutls-crash.dpatch by Colin Leroy <colin@colino.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix GNUTLS-related crashes.
@DPATCH@
diff -urNad libetpan-0.46~/src/data-types/mailstream_ssl.c libetpan-0.46/src/data-types/mailstream_ssl.c
|
|
8 |
--- libetpan-0.46~/src/data-types/mailstream_ssl.c 2006-06-26 15:50:26.000000000 +0400
|
|
9 |
+++ libetpan-0.46/src/data-types/mailstream_ssl.c 2006-09-25 23:14:42.886333526 +0400
|
|
10 |
@@ -30,7 +30,7 @@
|
|
11 |
*/
|
|
12 |
|
|
13 |
/*
|
|
14 |
- * $Id: mailstream_ssl.c,v 1.38 2006/06/26 11:50:26 hoa Exp $
|
|
15 |
+ * $Id: mailstream_ssl.c,v 1.40 2006/09/24 08:42:37 colinleroy Exp $
|
|
16 |
*/
|
|
17 |
|
|
18 |
/*
|
|
19 |
@@ -162,6 +162,7 @@
|
|
20 |
#ifdef USE_SSL
|
|
21 |
static inline int mailstream_prepare_fd(int fd)
|
|
22 |
{
|
|
23 |
+#ifndef WIN32
|
|
24 |
int fd_flags;
|
|
25 |
int r;
|
|
26 |
|
|
27 |
@@ -170,6 +171,7 @@
|
|
28 |
r = fcntl(fd, F_SETFL, fd_flags);
|
|
29 |
if (r < 0)
|
|
30 |
return -1;
|
|
31 |
+#endif
|
|
32 |
|
|
33 |
return 0;
|
|
34 |
}
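Review bot: On WIN32 the added `#endif` leaves `return 0` as the entire body of mailstream_prepare_fd, so the function reports success without configuring the socket at all. The lines between the `#ifndef WIN32` added in the previous hunk and this hunk are not shown, but the `fcntl(fd, F_SETFL, fd_flags)` call suggests a descriptor flag (possibly non-blocking mode) is being set; if the handshake and read paths rely on it, a stalled peer could block the caller indefinitely on Windows. Either give the WIN32 branch an equivalent (`ioctlsocket` with `FIONBIO` is the usual Winsock counterpart for non-blocking mode) or record the gap with a comment such as `/* WIN32: fcntl() is unavailable, the socket mode is left unchanged */`. `fd` is also unused in the WIN32 build, which will warn under `-Wunused-parameter`.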
|
|
35 |
@@ -269,19 +271,37 @@
|
|
36 |
{
|
|
37 |
struct mailstream_ssl_data * ssl_data;
|
|
38 |
gnutls_session session;
|
|
39 |
- gnutls_anon_client_credentials anoncred;
|
|
40 |
+
|
|
41 |
+ const int cipher_prio[] = { GNUTLS_CIPHER_AES_128_CBC,
|
|
42 |
+ GNUTLS_CIPHER_3DES_CBC,
|
|
43 |
+ GNUTLS_CIPHER_AES_256_CBC,
|
|
44 |
+ GNUTLS_CIPHER_ARCFOUR_128, 0 };
|
|
45 |
+ const int kx_prio[] = { GNUTLS_KX_DHE_RSA,
|
|
46 |
+ GNUTLS_KX_RSA,
|
|
47 |
+ GNUTLS_KX_DHE_DSS, 0 };
|
|
48 |
+ const int mac_prio[] = { GNUTLS_MAC_SHA1,
|
|
49 |
+ GNUTLS_MAC_MD5, 0 };
|
|
50 |
+ const int proto_prio[] = { GNUTLS_TLS1,
|
|
51 |
+ GNUTLS_SSL3, 0 };
|
|
52 |
+
|
|
53 |
+ gnutls_certificate_credentials_t xcred;
|
|
54 |
int r;
|
|
55 |
|
|
56 |
mailstream_ssl_init();
|
|
57 |
|
|
58 |
- gnutls_anon_allocate_client_credentials (&anoncred);
|
|
59 |
-
|
|
60 |
+ gnutls_certificate_allocate_credentials (&xcred);
|
|
61 |
r = gnutls_init(&session, GNUTLS_CLIENT);
|
|
62 |
if (session == NULL)
|
|
63 |
return NULL;
|
|
64 |
|
|
65 |
- r = gnutls_set_default_priority(session);
|
|
66 |
- r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, anoncred);
|
|
67 |
+ gnutls_set_default_priority(session);
|
|
68 |
+ gnutls_protocol_set_priority (session, proto_prio);
|
|
69 |
+ gnutls_cipher_set_priority (session, cipher_prio);
|
|
70 |
+ gnutls_kx_set_priority (session, kx_prio);
|
|
71 |
+ gnutls_mac_set_priority (session, mac_prio);
|
|
72 |
+
|
|
73 |
+ r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
|
|
74 |
+
|
|
75 |
gnutls_transport_set_ptr(session, (gnutls_transport_ptr) fd);
|
|
76 |
|
|
77 |
do {
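Review bot: The four priority arrays pin the session to algorithms now considered weak (`GNUTLS_SSL3` in `proto_prio`, `GNUTLS_CIPHER_ARCFOUR_128` and `GNUTLS_CIPHER_3DES_CBC` in `cipher_prio`, `GNUTLS_MAC_MD5` in `mac_prio`), and the `*_set_priority` calls override what `gnutls_set_default_priority(session)` just selected, so a library upgrade can no longer tighten the negotiated set. If the explicit lists are not needed for the crash fix itself, drop them and keep only the default-priority call; otherwise remove at least the SSL3, ARCFOUR and MD5 entries. Separately, `xcred` is allocated before `gnutls_init` and is not released on the `return NULL` path; `gnutls_certificate_free_credentials(xcred);` before that return would close the leak, and the results of the allocate call and of `gnutls_credentials_set` are not examined in the visible lines. No trust anchors are loaded into `xcred` in this hunk, so whether the server certificate is verified depends on code outside it. The function starts before the hunk and continues past it.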
|