authorWilmer van der Gaast <wilmer@gaast.net>2012-01-03 23:53:28 +0000
committerWilmer van der Gaast <wilmer@gaast.net>2012-01-03 23:53:28 +0000
commit59c03bd147dfaf5b849d2e68397cb63adf6146b5 (patch)
treeb680ea26b7cb3cc1ec454362136b4e97e46a0993
parent6451d2704fd0742680b485fb1d3690e251860073 (diff)
A few more SSL fixes merged from AopicieR. This also fixes OpenSSL compile
issues (bug #881).
-rw-r--r--lib/ssl_gnutls.c12
-rw-r--r--lib/ssl_openssl.c3
2 files changed, 5 insertions, 10 deletions
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index f6cce914..62932e86 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -78,7 +78,8 @@ void ssl_init( void )
if( global.conf->cafile )
{
gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
- /* TODO: Do we want/need this? */
+
+ /* Not needed in GnuTLS 2.11+ but we support older versions for now. */
gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
}
initialized = TRUE;
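Review bot: The return value of `gnutls_certificate_set_x509_trust_file()`, on the context line just above the new comment, is discarded, so a missing or unparsable `cafile` leaves the trust list empty with no diagnostic. The call returns the number of certificates processed or a negative error code, so storing it and logging when it is `<= 0` would make a misconfigured CA file visible. The new comment could also state what the flag permits, for example `/* Accept X.509v1 certificates as trusted CAs from cafile; default in GnuTLS 2.11+, set explicitly for older versions. */`. Note that `gnutls_certificate_set_verify_flags()` sets the flag word rather than adding to it, which matters if other flags are ever configured on `xcred`. The body of `ssl_init` starts outside this hunk.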
@@ -190,14 +191,7 @@ static int verify_certificate_callback( gnutls_session_t session )
verifyret |= VERIFY_CERT_EXPIRED;
#endif
- /* The following check is already performed inside
- * gnutls_certificate_verify_peers2, so we don't need it.
-
- * if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 )
- * return GNUTLS_E_CERTIFICATE_ERROR;
- */
-
- if( gnutls_x509_crt_init( &cert ) < 0 )
+ if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 || gnutls_x509_crt_init( &cert ) < 0 )
return VERIFY_CERT_ERROR;
cert_list = gnutls_certificate_get_peers( session, &cert_list_size );
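Review bot: The re-added `gnutls_certificate_type_get()` test in the combined `if` has no comment explaining why it is back, although the deleted comment said `gnutls_certificate_verify_peers2` already performs it. A line above the condition such as `/* The X.509 calls below require an X.509 peer certificate; fail closed on any other type. */` would record the intent. Folding the test into the same condition as `gnutls_x509_crt_init()` also makes an unsupported certificate type indistinguishable from an initialisation failure when debugging, so two separate `if` statements that each return `VERIFY_CERT_ERROR` would read more clearly. The function starts and continues outside this hunk, so whether `cert` is released on later error paths and whether a NULL `cert_list` is handled cannot be confirmed from here.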
diff --git a/lib/ssl_openssl.c b/lib/ssl_openssl.c
index 5c38d0e9..c1aa6b1b 100644
--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -30,6 +30,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
+#include "bitlbee.h"
#include "proxy.h"
#include "ssl_client.h"
#include "sock.h"
@@ -116,7 +117,7 @@ static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition
static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
{
struct scd *conn = data;
- SSL_METHOD *meth;
+ const SSL_METHOD *meth;
/* Right now we don't have any verification functionality for OpenSSL. */