Merge mainline.

2 files changed, 5 insertions, 79 deletions

diff --git a/lib/ssl_bogus.c b/lib/ssl_bogus.c
deleted file mode 100644
index e134201d..00000000
--- a/lib/ssl_bogus.c
+++ /dev/null
@@ -1,76 +0,0 @@
-  /********************************************************************\
-  * BitlBee -- An IRC to other IM-networks gateway                     *
-  *                                                                    *
-  * Copyright 2002-2004 Wilmer van der Gaast and others                *
-  \********************************************************************/
-
-/* SSL module - dummy version                                           */
-
-/*
-  This program is free software; you can redistribute it and/or modify
-  it under the terms of the GNU General Public License as published by
-  the Free Software Foundation; either version 2 of the License, or
-  (at your option) any later version.
-
-  This program is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU General Public License for more details.
-
-  You should have received a copy of the GNU General Public License with
-  the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
-  if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-  Suite 330, Boston, MA  02111-1307  USA
-*/
-
-#include "ssl_client.h"
-
-int ssl_errno;
-
-void ssl_init( void )
-{
-}
-
-void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
-{
-	return( NULL );
-}
-
-int ssl_read( void *conn, char *buf, int len )
-{
-	return( -1 );
-}
-
-int ssl_write( void *conn, const char *buf, int len )
-{
-	return( -1 );
-}
-
-void ssl_disconnect( void *conn_ )
-{
-}
-
-int ssl_getfd( void *conn )
-{
-	return( -1 );
-}
-
-void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data ) 
-{
-	return NULL;
-}
-
-b_input_condition ssl_getdirection( void *conn )
-{
-	return B_EV_IO_READ;
-}
-
-int ssl_pending( void *conn )
-{
-	return 0;
-}
-
-char *ssl_verify_strerror( int code )
-{
-	return NULL;
-}
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index 987d78cb..45d24e6e 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -84,8 +84,10 @@ void ssl_init( void )
 	{
 		gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
 		
-		/* Not needed in GnuTLS 2.11+ but we support older versions for now. */
-		gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
+		/* Not needed in GnuTLS 2.11+ (enabled by default there) so
+		   don't do it (resets possible other defaults). */
+		if( !gnutls_check_version( "2.11" ) )
+			gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
 	}
 	initialized = TRUE;
 	
@@ -107,12 +109,12 @@ void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function fun
 {
 	struct scd *conn = g_new0( struct scd, 1 );
 	
-	conn->fd = proxy_connect( host, port, ssl_connected, conn );
 	conn->func = func;
 	conn->data = data;
 	conn->inpa = -1;
 	conn->hostname = g_strdup( host );
 	conn->verify = verify && global.conf->cafile;
+	conn->fd = proxy_connect( host, port, ssl_connected, conn );
 	
 	if( conn->fd < 0 )
 	{