I basically added a new option "gnutls" parallel to "ssl" (=> openssl), where gnutls suppresses ssl in auto configuration.
Next, I replaced all #if WITH_SSL (and similar) definitions with #if WITH_SSL || WITH_GNUTLS. (These changes also applied to the code generated from gob, as I don't have gob2 2.1.16).
Further, jbsrc/lib/src/extra/jb-gnutls.{c,h} and src/mn-gnutls.{c,h} got added, the latter contains some useful functions for cert verification and the default cert path.
In src/mn-client-session.{c,h} I separated WITH_SSL and WITH_GNUTLS and rewrote the code for gnutls.
There are three major points about it:
* gnutls 2.0.4 does not have all functions given in online api of gnutls nor do the examples work
(gnutls-doc-2.0.4 is somehow incomplete regarding api listing).
* cert chain verification needs to be cared for by mail-notification, e.g. reading ca certs from /etc/ssl/certs etc.
I decided not to use gnutls_certificate_verify_peers2 due to http://blog.josefsson.org/2008/02/27/real-world-performance-tuning-with-callgrind/ ,
which was really slow on my machine. Perhaps this could be changed some day.
* check_hostname is not used as I didn't figure out how to extract the common_name and altName(s)
correctly but use gnutls_x509_crt_check_hostname. I don't know if gnutls_x509_crt_check_hostname supports wildcards.
I took http://savannah.nongnu.org/download/mailnotify/mail-notification-5.4.tar.bz2 (most recent) and added gnutls (2.0.4 as installed in hardy) support.
It works for me but I'm pretty sure that there are still some bugs around I somehow missed, so better somebody else looks over it before applying it.
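The hostname check and the wildcard question raised in the third point, as an added example that is not code from this patch, mail-notification or GnuTLS: a stand-alone matcher for one certificate name using the leftmost-label wildcard rule of RFC 6125. The function names `cert_name_matches` and `eq_nocase` are hypothetical, and the host is assumed to be a DNS name rather than an IP literal.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* ASCII case-insensitive comparison of n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Compare one name taken from a certificate (dNSName or CN) with the DNS
 * name the client meant to reach (assumed not to be an IP literal).
 * name/name_len are raw certificate bytes. Returns 1 on match, else 0. */
int cert_name_matches(const char *name, size_t name_len, const char *host)
{
    size_t host_len = strlen(host);

    /* An embedded NUL would let C string functions see a shorter name
     * than the one the CA signed. */
    if (name_len == 0 || memchr(name, '\0', name_len) != NULL)
        return 0;

    if (name_len == host_len && eq_nocase(name, host, name_len))
        return 1;                       /* exact match */

    /* Wildcard: accepted only as the complete leftmost label, "*.". */
    if (name_len < 3 || name[0] != '*' || name[1] != '.')
        return 0;
    const char *suffix = name + 1;      /* e.g. ".example.org" */
    size_t suffix_len = name_len - 1;

    /* Refuse "*.org" and names with a second '*'. */
    if (memchr(suffix + 1, '.', suffix_len - 1) == NULL ||
        memchr(suffix, '*', suffix_len) != NULL)
        return 0;

    /* '*' stands for exactly one non-empty label, so the host's first
     * dot must be where the suffix starts. */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host || strlen(dot) != suffix_len)
        return 0;
    return eq_nocase(dot, suffix, suffix_len);
}
```

A caller would try every dNSName entry of the peer certificate first and fall back to the CN only when the certificate has none, rejecting the connection if no name matches.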