contrib/gnutls: add patch adding keychain root certificate lookups on OS X (not supported on iOS)

a06e7f27 · Felix Paul Kühne · e7353f4b · a06e7f27 · a06e7f27
Commit a06e7f27 authored Nov 10, 2013 by Felix Paul Kühne
Hide whitespace changes
Inline Side-by-side

Showing with 83 additions and 0 deletions

contrib/src/gnutls/mac-keychain-lookup.patch contrib/src/gnutls/mac-keychain-lookup.patch +80 -0

contrib/src/gnutls/rules.mak contrib/src/gnutls/rules.mak +3 -0

No files found.
--- a/contrib/src/gnutls/mac-keychain-lookup.patch
+++ b/contrib/src/gnutls/mac-keychain-lookup.patch
+diff -ru gnutls-plain/lib/Makefile.am gnutls/lib/Makefile.am
+--- gnutls-plain/lib/Makefile.am	2013-06-02 19:33:57.000000000 +0200
+++ gnutls/lib/Makefile.am	2013-11-10 13:04:36.000000000 +0100
+@@ -152,6 +152,10 @@
+ DISTCLEANFILES += $(defexec_DATA)
+ endif
+ 
+if MACOSX
+libgnutls_la_LDFLAGS += -Wl,-framework,Security,-framework,CoreFoundation
+endif
+
+ if WINDOWS
+ thirdparty_libadd += -lcrypt32
+ endif
+diff -ru gnutls-plain/lib/system.c gnutls/lib/system.c
+--- gnutls-plain/lib/system.c	2013-04-10 22:25:51.000000000 +0200
+++ gnutls/lib/system.c	2013-11-10 13:01:47.000000000 +0100
+@@ -57,6 +57,15 @@
+ #undef send
+ #undef select
+ 
+#ifdef __APPLE__
+#include "TargetConditionals.h"
+#ifdef TARGET_OS_MAC
+#define _UINT64
+#include <Security/Security.h>
+#include <Security/SecCertificate.h>
+#endif
+#endif
+
+ /* System specific function wrappers.
+  */
+ 
+@@ -550,6 +559,46 @@
+ 
+   return r;
+ }
+#elif defined(__APPLE__)
+#if TARGET_OS_MAC
+static
+int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
+{
+    CFArrayRef anchors;
+    int ret = 0;
+    printf("add_system_trust\n");
+    if (SecTrustCopyAnchorCertificates(&anchors) != 0) {
+        printf("failure one\n");
+        return -1;
+    }
+
+    CFIndex count = CFArrayGetCount(anchors);
+    for (int i = 0; i < count; i++) {
+        printf("looping %i\n", i);
+        SecCertificateRef certref = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
+
+        CSSM_DATA certData;
+        SecCertificateGetData(certref, &certData);
+        gnutls_datum data = {
+            .data = certData.Data,
+            .size = certData.Length,
+        };
+
+        if (!gnutls_x509_trust_list_add_trust_mem(list, &data, NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags))
+            printf("cannot add x509 credentials\n");
+        else
+            ret++;
+    }
+    CFRelease(anchors);
+
+    printf("will return %i\n", ret);
+
+    return ret;
+}
+
+#else
+#define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
+#endif
+ #else
+ 
+ #define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -26,6 +26,9 @@ endif
 	$(APPLY) $(SRC)/gnutls/gnutls-no-egd.patch
 	$(APPLY) $(SRC)/gnutls/read-file-limits.h.patch
 	$(APPLY) $(SRC)/gnutls/downgrade-automake-requirement.patch
+ifdef HAVE_MACOSX
+	$(APPLY) $(SRC)/gnutls/mac-keychain-lookup.patch
+endif
 	$(call pkg_static,"lib/gnutls.pc.in")
 	$(UPDATE_AUTOCONFIG)
 	$(MOVE)