Commit 46285595 authored by Guillaume Roguez's avatar Guillaume Roguez

security: re-enable anonymous gnutls handshake

This patch imports a gnutls upstream patch to fix the DTLS packet
re-ordering and re-enable our anonymous call feature.

We bump the gnutls requirement to at least 3.4.14, even though it is not published yet,
as the upstream patch will only be available from that version on.
We continue to use the 3.4.10 release and apply our local patch to it.

We also force our contrib nettle to be built, as some distributions
do not compile this library the way we need.

Change-Id: I3238993d56b41258f214cfaba7230dcd0538c5d2
Tuleap: #788
parent 74151247
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -1033 +1033 @@
- && hsk->end_offset >=
+ && hsk->end_offset + 1 >=
......@@ -4,7 +4,9 @@ GNUTLS_VERSION := 3.4.10
GNUTLS_URL := ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-$(GNUTLS_VERSION).tar.xz
PKGS += gnutls
ifeq ($(call need_pkg,"gnutls >= 3.3.19"),)
# We need at least the 3.4.10, but DTLS handshake re-ordered packet fix is only available since 3.4.14
# So we patch the 3.4.10 until official release of 3.4.14
ifeq ($(call need_pkg,"gnutls >= 3.4.14"),)
PKGS_FOUND += gnutls
endif
......@@ -32,6 +34,7 @@ ifndef HAVE_IOS
$(APPLY) $(SRC)/gnutls/mac-keychain-lookup.patch
endif
$(APPLY) $(SRC)/gnutls/format-security.patch
$(APPLY) $(SRC)/gnutls/dtls-packet-reordering.patch
$(call pkg_static,"lib/gnutls.pc.in")
$(UPDATE_AUTOCONFIG)
$(MOVE)
......
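Review bot: The new `$(APPLY) $(SRC)/gnutls/dtls-packet-reordering.patch` line carries no provenance, so nobody can later verify that the vendored patch matches the upstream gnutls fix it is said to import, and nothing ties it to the `need_pkg,"gnutls >= 3.4.14"` threshold added in the first hunk of this file. The imported hunk (`@@ -1033 +1033 @@`) has no context lines, so it is pinned to the 3.4.10 source layout; a later bump of `GNUTLS_VERSION` that forgets to drop this line will probably fail, or may apply to a different `hsk->end_offset` comparison if one exists nearby. I would add above the line `# Upstream fix for DTLS handshake packet re-ordering, in gnutls >= 3.4.14 (upstream commit <UPSTREAM-COMMIT-ID>)` and `# TODO: drop this patch and the 3.4.14 need_pkg check once GNUTLS_VERSION >= 3.4.14`. Guarding the `$(APPLY)` on the pinned version would be stronger, but the comment is the minimum so the coupling is visible where the patch is applied.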
......@@ -3,9 +3,14 @@
NETTLE_VERSION := 3.1
NETTLE_URL := $(GNU)/nettle/nettle-$(NETTLE_VERSION).tar.gz
ifeq ($(call need_pkg,"nettle >= 3.1"),)
PKGS_FOUND += nettle
endif
PKGS += nettle
# TEMPORARY DISABLED
# Force nettle contrib until gnutls major patches are upstream and released
# See gnutls rules.mak for more information
#ifeq ($(call need_pkg,"nettle >= 3.1"),)
#PKGS_FOUND += nettle
#endif
$(TARBALLS)/nettle-$(NETTLE_VERSION).tar.gz:
$(call download,$(NETTLE_URL))
......
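Review bot: The rationale in the new comment block (`Force nettle contrib until gnutls major patches are upstream and released`) does not match the commit message, which says contrib nettle is forced because some distributions do not build nettle the way this project needs; a maintainer reading only the file will re-enable the `need_pkg` check as soon as gnutls 3.4.14 ships, while the distribution problem would remain. I would state the real condition, e.g. `# Force contrib nettle: some distribution builds of nettle lack what gnutls needs here; re-enable the need_pkg check only once that is verified, not merely when gnutls 3.4.14 is released`. Keeping the old `ifeq` block as commented-out text leaves dead Make code around; if it is meant to return, a note naming the condition is more useful than the disabled lines. Note also that with nettle now always in `PKGS` and never in `PKGS_FOUND`, contrib nettle appears to be built even when the gnutls check selects the system library, which looks like wasted work and possibly two nettle copies in the link path, worth confirming.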
......@@ -137,7 +137,7 @@ public:
};
TlsSession(std::shared_ptr<IceTransport> ice, int ice_comp_id, const TlsParams& params,
const TlsSessionCallbacks& cbs, bool anonymous=false);
const TlsSessionCallbacks& cbs, bool anonymous=true);
~TlsSession();
// Returns the TLS session type ('server' or 'client')
......
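Review bot: Changing the default to `bool anonymous=true` makes every existing caller that omits the argument negotiate an anonymous handshake (presumably without peer certificate authentication, which the header does not show) with no change at the call site, which is the wrong direction for a safe default on a TLS wrapper. If anonymous sessions are only wanted for the call feature named in the commit message, I would drop the default so each call site chooses explicitly: `const TlsSessionCallbacks& cbs, bool anonymous);`, and add above the constructor `// anonymous: negotiate without peer authentication; pass false wherever the peer must be authenticated` once that meaning is confirmed. The enclosing class starts before the hunk.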