Support GnuTLS v3 and set up its audit logging properly.
authorTed Zlatanov <tzz@lifelogs.com>
Fri, 11 Oct 2013 13:47:35 +0000 (09:47 -0400)
committerTed Zlatanov <tzz@lifelogs.com>
Fri, 11 Oct 2013 13:47:35 +0000 (09:47 -0400)
* configure.ac: Define HAVE_GNUTLS3 if GnuTLS v3 is found.

* src/gnutls.c (gnutls_audit_log_function): Add function for GnuTLS
audit logging (only used with GnuTLS 3.x) and enable it.

ChangeLog
configure.ac
src/ChangeLog
src/gnutls.c

index 6b78306..bb16aea 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2013-10-11  Teodor Zlatanov  <tzz@lifelogs.com>
+
+       * configure.ac: Define HAVE_GNUTLS3 if GnuTLS v3 is found.
+
 2013-10-10  Barry Fishman  <barry_fishman@acm.org>  (tiny change)
 
        * configure.ac: Update for giflib 5.  (Bug#15531)
index 3bb1ee1..fd0c2d9 100644 (file)
@@ -2422,12 +2422,18 @@ fi
 AC_SUBST(LIBSELINUX_LIBS)
 
 HAVE_GNUTLS=no
+HAVE_GNUTLS3=no
 if test "${with_gnutls}" = "yes" ; then
   PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.6.6], HAVE_GNUTLS=yes, HAVE_GNUTLS=no)
+  PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.0.0], HAVE_GNUTLS3=yes, HAVE_GNUTLS3=no)
   if test "${HAVE_GNUTLS}" = "yes"; then
     AC_DEFINE(HAVE_GNUTLS, 1, [Define if using GnuTLS.])
   fi
 
+  if test "${HAVE_GNUTLS3}" = "yes"; then
+    AC_DEFINE(HAVE_GNUTLS3, 1, [Define if using GnuTLS v3.])
+  fi
+
   # Windows loads GnuTLS dynamically
   if test "${opsys}" = "mingw32"; then
     LIBGNUTLS_LIBS=
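Review bot: The added `PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.0.0], ...)` reuses the `LIBGNUTLS` prefix of the 2.6.6 check on the line above, so the second probe's outcome can affect `LIBGNUTLS_CFLAGS` and `LIBGNUTLS_LIBS`. Depending on how the macro is defined (not visible in this hunk), a failed 3.0.0 check on a 2.x system may reset those variables, or an already-set value may short-circuit the version test and wrongly report `HAVE_GNUTLS3=yes`. A separate prefix avoids both: `PKG_CHECK_MODULES([LIBGNUTLS3], [gnutls >= 3.0.0], HAVE_GNUTLS3=yes, HAVE_GNUTLS3=no)`. It would also be cleaner to run the v3 probe only when `HAVE_GNUTLS` is already `yes`.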
index 74bb2a0..3d92420 100644 (file)
@@ -1,3 +1,8 @@
+2013-10-11  Teodor Zlatanov  <tzz@lifelogs.com>
+
+       * gnutls.c (gnutls_audit_log_function): Add function for GnuTLS
+       audit logging (only used with GnuTLS 3.x) and enable it.
+
 2013-10-11  Dmitry Antipov  <dmantipov@yandex.ru>
 
        * dispnew.c (redraw_frame): Remove useless #ifdef because
index db0a6da..2157d55 100644 (file)
@@ -55,6 +55,7 @@ static Lisp_Object QCgnutls_bootprop_verify_hostname_error;
 static Lisp_Object QCgnutls_bootprop_callbacks_verify;
 
 static void gnutls_log_function (int, const char *);
+static void gnutls_audit_log_function (gnutls_session_t, const char *);
 static void gnutls_log_function2 (int, const char*, const char*);
 
 \f
@@ -108,6 +109,9 @@ DEF_GNUTLS_FN (void, gnutls_dh_set_prime_bits,
 DEF_GNUTLS_FN (int, gnutls_error_is_fatal, (int));
 DEF_GNUTLS_FN (int, gnutls_global_init, (void));
 DEF_GNUTLS_FN (void, gnutls_global_set_log_function, (gnutls_log_func));
+#ifdef HAVE_GNUTLS3
+DEF_GNUTLS_FN (void, gnutls_global_set_audit_log_function, (gnutls_audit_log_func));
+#endif
 DEF_GNUTLS_FN (void, gnutls_global_set_log_level, (int));
 DEF_GNUTLS_FN (void, gnutls_global_set_mem_functions,
               (gnutls_alloc_function, gnutls_alloc_function,
@@ -173,6 +177,9 @@ init_gnutls_functions (void)
   LOAD_GNUTLS_FN (library, gnutls_error_is_fatal);
   LOAD_GNUTLS_FN (library, gnutls_global_init);
   LOAD_GNUTLS_FN (library, gnutls_global_set_log_function);
+#ifdef HAVE_GNUTLS3
+  LOAD_GNUTLS_FN (library, gnutls_global_set_audit_log_function);
+#endif
   LOAD_GNUTLS_FN (library, gnutls_global_set_log_level);
   LOAD_GNUTLS_FN (library, gnutls_global_set_mem_functions);
   LOAD_GNUTLS_FN (library, gnutls_handshake);
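Review bot: `LOAD_GNUTLS_FN (library, gnutls_global_set_audit_log_function)` is made mandatory by the compile-time `HAVE_GNUTLS3`, but this path resolves the library at run time, so the DLL found may be older than the headers used for the build. If `LOAD_GNUTLS_FN` treats a missing symbol as fatal (its definition is outside this hunk), a binary built against 3.x would lose TLS entirely with a 2.x DLL, not just the audit hook. Consider resolving this one symbol optionally and checking the pointer before the call in the boot path, or at least state the requirement with a comment such as `/* Needs a GnuTLS 3.x DLL at run time.  */`. The matching `DEF_GNUTLS_FN` hunk above carries the same guard, and `init_gnutls_functions` begins and ends outside this hunk.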
@@ -230,6 +237,9 @@ init_gnutls_functions (void)
 #define fn_gnutls_error_is_fatal               gnutls_error_is_fatal
 #define fn_gnutls_global_init                  gnutls_global_init
 #define fn_gnutls_global_set_log_function      gnutls_global_set_log_function
+#ifdef HAVE_GNUTLS3
+#define fn_gnutls_global_set_audit_log_function        gnutls_global_set_audit_log_function
+#endif
 #define fn_gnutls_global_set_log_level         gnutls_global_set_log_level
 #define fn_gnutls_global_set_mem_functions     gnutls_global_set_mem_functions
 #define fn_gnutls_handshake                    gnutls_handshake
@@ -249,6 +259,16 @@ init_gnutls_functions (void)
 #endif /* !WINDOWSNT */
 
 \f
+/* Function to log a simple audit message.  */
+static void
+gnutls_audit_log_function (gnutls_session_t session, const char* string)
+{
+  if (global_gnutls_log_level >= 1)
+    {
+      message ("gnutls.c: [audit] %s", string);
+    }
+}
+
 /* Function to log a simple message.  */
 static void
 gnutls_log_function (int level, const char* string)
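Review bot: `gnutls_audit_log_function` is defined unconditionally here, yet every use of it is inside `#ifdef HAVE_GNUTLS3`, so a GnuTLS 2.x build carries an unreferenced static function and will probably emit an unused-function warning. Wrapping this definition and its prototype in the first gnutls.c hunk in `#ifdef HAVE_GNUTLS3` / `#endif` would match the other guarded sites. The `session` parameter is never read, and a comment such as `/* SESSION is required by the gnutls_audit_log_func signature but unused here.  */` would show that this is intentional.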
@@ -797,6 +817,9 @@ one trustfile (usually a CA bundle).  */)
   if (TYPE_RANGED_INTEGERP (int, loglevel))
     {
       fn_gnutls_global_set_log_function (gnutls_log_function);
+#ifdef HAVE_GNUTLS3
+      fn_gnutls_global_set_audit_log_function (gnutls_audit_log_function);
+#endif
       fn_gnutls_global_set_log_level (XINT (loglevel));
       max_log_level = XINT (loglevel);
       XPROCESS (proc)->gnutls_log_level = max_log_level;
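Review bot: The audit callback is registered only inside `if (TYPE_RANGED_INTEGERP (int, loglevel))`, and the callback itself discards everything unless `global_gnutls_log_level >= 1`, so audit events end up tied to debug verbosity. GnuTLS documents the audit log as its channel for conditions that may be security-related, and a caller who never passes a log level would not get them through this path. Consider registering the callback before this `if` (still under `#ifdef HAVE_GNUTLS3`) and reporting audit messages regardless of level. Otherwise, document the threshold on the callback, e.g. `/* Audit messages are shown only when the log level is at least 1.  */`. The enclosing function begins and ends outside this hunk.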