mirror of
https://github.com/curl/curl.git
synced 2026-07-16 01:17:16 +03:00
gtls: drop support for GnuTLS < 3.6.5
Release date 2018-12-01. Has TLS 1.3 support. Closes #19609
This commit is contained in:
parent
529f61388f
commit
49ab46c9c5
2 changed files with 3 additions and 48 deletions
|
|
@ -26,7 +26,7 @@ versions of libs and build tools.
|
|||
|
||||
- OpenSSL 3.0.0 (2021-09-07)
|
||||
- LibreSSL 2.9.1 (2019-04-22)
|
||||
- GnuTLS 3.1.10 (2013-03-22)
|
||||
- GnuTLS 3.6.5 (2018-12-01)
|
||||
- mbedTLS 3.2.0 (2022-07-11)
|
||||
- zlib 1.2.5.2 (2011-12-11)
|
||||
- libssh2 1.9.0 (2019-06-20)
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ static void tls_log_func(int level, const char *str)
|
|||
}
|
||||
#endif
|
||||
|
||||
#if !defined(GNUTLS_VERSION_NUMBER) || (GNUTLS_VERSION_NUMBER < 0x03010a)
|
||||
#if !defined(GNUTLS_VERSION_NUMBER) || (GNUTLS_VERSION_NUMBER < 0x030605)
|
||||
#error "too old GnuTLS version"
|
||||
#endif
|
||||
|
||||
|
|
@ -767,10 +767,8 @@ int Curl_glts_get_ietf_proto(gnutls_session_t session)
|
|||
return CURL_IETF_PROTO_TLS1_1;
|
||||
case GNUTLS_TLS1_2:
|
||||
return CURL_IETF_PROTO_TLS1_2;
|
||||
#if GNUTLS_VERSION_NUMBER >= 0x030603
|
||||
case GNUTLS_TLS1_3:
|
||||
return CURL_IETF_PROTO_TLS1_3;
|
||||
#endif
|
||||
default:
|
||||
return CURL_IETF_PROTO_UNKNOWN;
|
||||
}
|
||||
|
|
@ -1841,51 +1839,8 @@ Curl_gtls_verifyserver(struct Curl_cfilter *cf,
|
|||
rc = (int)gnutls_x509_crt_check_hostname(x509_cert,
|
||||
peer->sni ? peer->sni :
|
||||
peer->hostname);
|
||||
#if GNUTLS_VERSION_NUMBER < 0x030306
|
||||
/* Before 3.3.6, gnutls_x509_crt_check_hostname() did not check IP
|
||||
addresses. */
|
||||
if(!rc) {
|
||||
#ifdef USE_IPV6
|
||||
#define use_addr in6_addr
|
||||
#else
|
||||
#define use_addr in_addr
|
||||
#endif
|
||||
unsigned char addrbuf[sizeof(struct use_addr)];
|
||||
size_t addrlen = 0;
|
||||
|
||||
if(curlx_inet_pton(AF_INET, peer->hostname, addrbuf) > 0)
|
||||
addrlen = 4;
|
||||
#ifdef USE_IPV6
|
||||
else if(curlx_inet_pton(AF_INET6, peer->hostname, addrbuf) > 0)
|
||||
addrlen = 16;
|
||||
#endif
|
||||
|
||||
if(addrlen) {
|
||||
unsigned char certaddr[sizeof(struct use_addr)];
|
||||
int i;
|
||||
|
||||
for(i = 0; ; i++) {
|
||||
size_t certaddrlen = sizeof(certaddr);
|
||||
int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
|
||||
&certaddrlen, NULL);
|
||||
/* If this happens, it was not an IP address. */
|
||||
if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
|
||||
continue;
|
||||
if(ret < 0)
|
||||
break;
|
||||
if(ret != GNUTLS_SAN_IPADDRESS)
|
||||
continue;
|
||||
if(certaddrlen == addrlen && !memcmp(addrbuf, certaddr, addrlen)) {
|
||||
rc = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
result = (!rc && config->verifyhost) ?
|
||||
CURLE_PEER_FAILED_VERIFICATION : CURLE_OK;
|
||||
CURLE_PEER_FAILED_VERIFICATION : CURLE_OK;
|
||||
gtls_msg_verify_result(data, peer, x509_cert, rc, config->verifyhost);
|
||||
if(result)
|
||||
goto out;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue