author | nia <nia@pkgsrc.org> | 2020-04-25 13:47:31 +0000 |
---|---|---|
committer | nia <nia@pkgsrc.org> | 2020-04-25 13:47:31 +0000 |
commit | aeb4226d596428789004ef823196cd271fd278dd (patch) | |
tree | 3e186efa98f8a494121ea6d72f8a76ee34f4df12 /www | |
parent | c889424aad1ea03eabe7bb03c3eb7ba435ae0e03 (diff) | |
download | pkgsrc-aeb4226d596428789004ef823196cd271fd278dd.tar.gz |
cadaver: Build with OpenSSL 1.1... by switching to gnutls and fixing that
Diffstat (limited to 'www')
-rw-r--r-- | www/cadaver/Makefile | 26 | ||||
-rw-r--r-- | www/cadaver/distinfo | 6 | ||||
-rw-r--r-- | www/cadaver/patches/patch-lib_neon_ne__auth.c | 24 | ||||
-rw-r--r-- | www/cadaver/patches/patch-lib_neon_ne__gnutls.c | 340 | ||||
-rw-r--r-- | www/cadaver/patches/patch-lib_neon_ne__privssl.h | 37 | ||||
-rw-r--r-- | www/cadaver/patches/patch-lib_neon_ne__socket.c | 90 |
6 files changed, 503 insertions, 20 deletions
diff --git a/www/cadaver/Makefile b/www/cadaver/Makefile
index 599b25443d5..15a14f7f282 100644
--- a/www/cadaver/Makefile
+++ b/www/cadaver/Makefile
@@ -1,37 +1,25 @@
-# $NetBSD: Makefile,v 1.51 2020/04/24 12:14:01 nia Exp $
+# $NetBSD: Makefile,v 1.52 2020/04/25 13:47:31 nia Exp $
 DISTNAME= cadaver-0.23.3
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= www
-#MASTER_SITES= http://www.webdav.org/cadaver/
+MASTER_SITES= http://www.webdav.org/cadaver/
 MAINTAINER= pkgsrc-users@NetBSD.org
-#HOMEPAGE= http://www.webdav.org/cadaver/
+HOMEPAGE= http://www.webdav.org/cadaver/
 COMMENT= Command-line WebDAV client
-
-BROKEN= "Fails to build with OpenSSL 1.1"
+LICENSE= gnu-gpl-v2
 BUILD_TARGET= cadaver
 GNU_CONFIGURE= YES
 USE_PKGLOCALEDIR= yes
 CONFIGURE_ARGS+= --enable-netrc
 CONFIGURE_ARGS+= --with-expat
-#CONFIGURE_ARGS+= --with-included-neon
-CONFIGURE_ARGS+= --with-ssl=yes
+CONFIGURE_ARGS+= --with-ssl=gnutls
 LIBS+= ${BUILDLINK_LDADD.termcap}
-#INSTALL_MAKE_FLAGS+= bindir=${DESTDIR:Q}${PREFIX:Q}/bin \
-# mandir=${DESTDIR:Q}${PREFIX:Q}/${PKGMANDIR:Q}
-
 .include "../../mk/readline.buildlink3.mk"
-.include "../../security/openssl/buildlink3.mk"
 .include "../../textproc/expat/buildlink3.mk"
-.include "../../www/neon/buildlink3.mk"
 .include "../../devel/gettext-lib/buildlink3.mk"
-# DON'T make this package depend on the www/neon package until neon
-# becomes stable; keep it using its internal copy of neon as with
-# www/sitecopy. This package has in the past bounced back and forth
-# between using external and internal neon because neon moves faster
-# than cadaver, and does so incompatibly.
-
+.include "../../security/gnutls/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff --git a/www/cadaver/distinfo b/www/cadaver/distinfo
index 24789ceca82..ac4add390e6 100644
--- a/www/cadaver/distinfo
+++ b/www/cadaver/distinfo
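Review bot: Dropping `.include "../../www/neon/buildlink3.mk"` together with the comment block about neon leaves nothing in the Makefile that says which neon this package now builds against. The patches added by this commit target `lib/neon/*.c` inside the cadaver distfile (the `.orig` timestamps are from 2009), so the build presumably uses the bundled copy, which will not pick up fixes made in www/neon. A short comment next to `CONFIGURE_ARGS+= --with-ssl=gnutls` would record that, for example `# Builds the neon bundled with cadaver (see patches/); fixes in www/neon do not reach this package.`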
@@ -1,7 +1,11 @@
-$NetBSD: distinfo,v 1.10 2015/11/04 02:46:51 agc Exp $
+$NetBSD: distinfo,v 1.11 2020/04/25 13:47:31 nia Exp $
 SHA1 (cadaver-0.23.3.tar.gz) = 4ad8ea2341b77e7dee26b46e4a8a496f1a2962cd
 RMD160 (cadaver-0.23.3.tar.gz) = 104f687cfd121b091ba2f509b37574509b4ffabd
 SHA512 (cadaver-0.23.3.tar.gz) = 48fe0a266be0ca7239f325377e5e2a8dc57a5d60466c7160e36c060ad24c09a50727695b9fa931844b1e66e173ebbb838f390d6c60fd07b614bd3b636cd4dd41
 Size (cadaver-0.23.3.tar.gz) = 831884 bytes
 SHA1 (patch-aa) = 6b8391e825d8bc4131fdab4aee7214a0181a9b69
+SHA1 (patch-lib_neon_ne__auth.c) = b3be23038af390d52830e1c00c8313606e79ba96
+SHA1 (patch-lib_neon_ne__gnutls.c) = ab502c65db85b2e2db100dcbaad3f51de3e9e895
+SHA1 (patch-lib_neon_ne__privssl.h) = 83431345d2333423c664ce4f764683b1ee48b571
+SHA1 (patch-lib_neon_ne__socket.c) = effeded3caa19853b1845fdeea4754491f11e009
diff --git a/www/cadaver/patches/patch-lib_neon_ne__auth.c b/www/cadaver/patches/patch-lib_neon_ne__auth.c
new file mode 100644
index 00000000000..f50f4413add
--- /dev/null
+++ b/www/cadaver/patches/patch-lib_neon_ne__auth.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-lib_neon_ne__auth.c,v 1.1 2020/04/25 13:47:31 nia Exp $
+
+Fix build with newer gnutls.
+
+--- lib/neon/ne_auth.c.orig 2009-12-02 21:27:34.000000000 +0000
++++ lib/neon/ne_auth.c
+@@ -46,7 +46,7 @@
+ #ifdef HAVE_OPENSSL
+ #include <openssl/rand.h>
+ #elif defined(HAVE_GNUTLS)
+-#include <gcrypt.h>
++#include <gnutls/crypto.h>
+ #endif
+
+ #include <errno.h>
+@@ -316,7 +316,7 @@ static char *get_cnonce(void)
+
+ #ifdef HAVE_GNUTLS
+ if (1) {
+- gcry_create_nonce(data, sizeof data);
++ gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data);
+ ne_md5_process_bytes(data, sizeof data, hash);
+ }
+ else
diff --git a/www/cadaver/patches/patch-lib_neon_ne__gnutls.c b/www/cadaver/patches/patch-lib_neon_ne__gnutls.c
new file mode 100644
index 00000000000..834cc9841a5
--- /dev/null
+++ b/www/cadaver/patches/patch-lib_neon_ne__gnutls.c
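Review bot: The new `gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data);` line in get_cnonce() ignores the call's int result, whereas the `gcry_create_nonce()` it replaces had no result to check. If the call fails, `data` is fed to `ne_md5_process_bytes()` as it stands; whether `data` is initialised before this point is not visible in the hunk. Testing the result, e.g. `if (gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data) < 0)`, and taking a failure path would keep the client nonce from being derived from bytes that were never randomised. get_cnonce()'s body starts and ends outside the hunk, so the appropriate failure handling has to be confirmed there.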
@@ -0,0 +1,340 @@
+$NetBSD: patch-lib_neon_ne__gnutls.c,v 1.1 2020/04/25 13:47:31 nia Exp $
+
+Fix build with newer gnutls.
+
+--- lib/neon/ne_gnutls.c.orig 2009-12-02 21:40:41.000000000 +0000
++++ lib/neon/ne_gnutls.c
+@@ -33,15 +33,13 @@
+ #include <errno.h>
+
+ #include <gnutls/gnutls.h>
++#include <gnutls/abstract.h>
+ #include <gnutls/pkcs12.h>
+
+ #ifdef NE_HAVE_TS_SSL
+ #include <errno.h>
+ #include <pthread.h>
+-#include <gcrypt.h>
+ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+-#else
+-#include <gcrypt.h>
+ #endif
+
+ #ifdef HAVE_ICONV
+@@ -67,30 +65,30 @@ struct ne_ssl_dname_s {
+ gnutls_x509_dn_t dn;
+ #else
+ int subject; /* non-zero if this is the subject DN object */
+- gnutls_x509_crt cert;
++ gnutls_x509_crt_t cert;
+ #endif
+ };
+
+ struct ne_ssl_certificate_s {
+ ne_ssl_dname subj_dn, issuer_dn;
+- gnutls_x509_crt subject;
++ gnutls_x509_crt_t subject;
+ ne_ssl_certificate *issuer;
+ char *identity;
+ };
+
+ struct ne_ssl_client_cert_s {
+- gnutls_pkcs12 p12;
++ gnutls_pkcs12_t p12;
+ int decrypted; /* non-zero if successfully decrypted. */
+ int keyless;
+ ne_ssl_certificate cert;
+- gnutls_x509_privkey pkey;
++ gnutls_x509_privkey_t pkey;
+ char *friendly_name;
+ };
+
+ /* Returns the highest used index in subject (or issuer) DN of
+ * certificate CERT for OID, or -1 if no RDNs are present in the DN
+ * using that OID. */
+-static int oid_find_highest_index(gnutls_x509_crt cert, int subject, const char *oid)
++static int oid_find_highest_index(gnutls_x509_crt_t cert, int subject, const char *oid)
+ {
+ int ret, idx = -1;
+
+@@ -113,7 +111,7 @@ static int oid_find_highest_index(gnutls
+
+ #ifdef HAVE_ICONV
+ static void convert_dirstring(ne_buffer *buf, const char *charset,
+- gnutls_datum *data)
++ gnutls_datum_t *data)
+ {
+ iconv_t id = iconv_open("UTF-8", charset);
+ size_t inlen = data->size, outlen = buf->length - buf->used;
+@@ -150,7 +148,7 @@ static void convert_dirstring(ne_buffer
+ #define TAG_UNIVERSAL (28)
+ #define TAG_BMP (30)
+
+-static void append_dirstring(ne_buffer *buf, gnutls_datum *data, unsigned long tag)
++static void append_dirstring(ne_buffer *buf, gnutls_datum_t *data, unsigned long tag)
+ {
+ switch (tag) {
+ case TAG_UTF8:
+@@ -240,7 +238,7 @@ char *ne_ssl_readable_dname(const ne_ssl
+
+ /* Appends the value of RDN with given oid from certitifcate x5
+ * subject (if subject is non-zero), or issuer DN to buffer 'buf': */
+-static void append_rdn(ne_buffer *buf, gnutls_x509_crt x5, int subject, const char *oid)
++static void append_rdn(ne_buffer *buf, gnutls_x509_crt_t x5, int subject, const char *oid)
+ {
+ int idx, top, ret;
+ char rdn[50];
+@@ -353,7 +351,7 @@ void ne_ssl_cert_validity_time(const ne_
+ * If 'identity' is non-NULL, store the malloc-allocated identity in
+ * *identity. If 'server' is non-NULL, it must be the network address
+ * of the server in use, and identity must be NULL. */
+-static int check_identity(const ne_uri *server, gnutls_x509_crt cert,
++static int check_identity(const ne_uri *server, gnutls_x509_crt_t cert,
+ char **identity)
+ {
+ char name[255];
+@@ -460,7 +458,7 @@ static int check_identity(const ne_uri *
+ * that x5 is owned by returned cert object and must not be otherwise
+ * freed by the caller. */
+ static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert,
+- gnutls_x509_crt x5)
++ gnutls_x509_crt_t x5)
+ {
+ #ifdef HAVE_NEW_DN_API
+ gnutls_x509_crt_get_subject(x5, &cert->subj_dn.dn);
+@@ -479,12 +477,12 @@ static ne_ssl_certificate *populate_cert
+ }
+
+ /* Returns a copy certificate of certificate SRC. */
+-static gnutls_x509_crt x509_crt_copy(gnutls_x509_crt src)
++static gnutls_x509_crt_t x509_crt_copy(gnutls_x509_crt_t src)
+ {
+ int ret;
+ size_t size;
+- gnutls_datum tmp;
+- gnutls_x509_crt dest;
++ gnutls_datum_t tmp;
++ gnutls_x509_crt_t dest;
+
+ if (gnutls_x509_crt_init(&dest) != 0) {
+ return NULL;
+@@ -547,10 +545,10 @@ dup_error:
+ }
+
+ /* Callback invoked when the SSL server requests a client certificate. */
+-static int provide_client_cert(gnutls_session session,
+- const gnutls_datum *req_ca_rdn, int nreqs,
+- const gnutls_pk_algorithm *sign_algos,
+- int sign_algos_length, gnutls_retr_st *st)
++static int provide_client_cert(gnutls_session_t session,
++ const gnutls_datum_t *req_ca_rdn, int nreqs,
++ const gnutls_pk_algorithm_t *sign_algos,
++ int sign_algos_length, gnutls_retr2_st *st)
+ {
+ ne_session *sess = gnutls_session_get_ptr(session);
+
+@@ -606,11 +604,11 @@ static int provide_client_cert(gnutls_se
+ }
+
+ if (sess->client_cert) {
+- gnutls_certificate_type type = gnutls_certificate_type_get(session);
++ gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
+ if (type == GNUTLS_CRT_X509) {
+ NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
+
+- st->type = type;
++ st->cert_type = type;
+ st->ncerts = 1;
+ st->cert.x509 = &sess->client_cert->cert.subject;
+ st->key.x509 = sess->client_cert->pkey;
+@@ -639,8 +637,7 @@ ne_ssl_context *ne_ssl_context_create(in
+ ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
+ gnutls_certificate_allocate_credentials(&ctx->cred);
+ if (flags == NE_SSL_CTX_CLIENT) {
+- gnutls_certificate_client_set_retrieve_function(ctx->cred,
+- provide_client_cert);
++ gnutls_certificate_set_retrieve_function(ctx->cred, provide_client_cert);
+ }
+ gnutls_certificate_set_verify_flags(ctx->cred,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+@@ -689,9 +686,9 @@ void ne_ssl_context_destroy(ne_ssl_conte
+ #ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
+ /* Return the issuer of the given certificate, or NULL if none can be
+ * found. */
+-static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
++static gnutls_x509_crt_t find_issuer(gnutls_x509_crt_t *ca_list,
+ unsigned int num_cas,
+- gnutls_x509_crt cert)
++ gnutls_x509_crt_t cert)
+ {
+ unsigned int n;
+
+@@ -705,11 +702,11 @@ static gnutls_x509_crt find_issuer(gnutl
+ #endif
+
+ /* Return the certificate chain sent by the peer, or NULL on error. */
+-static ne_ssl_certificate *make_peers_chain(gnutls_session sock,
+- gnutls_certificate_credentials crd)
++static ne_ssl_certificate *make_peers_chain(gnutls_session_t sock,
++ gnutls_certificate_credentials_t crd)
+ {
+ ne_ssl_certificate *current = NULL, *top = NULL;
+- const gnutls_datum *certs;
++ const gnutls_datum_t *certs;
+ unsigned int n, count;
+ ne_ssl_certificate *cert;
+
+@@ -721,7 +718,7 @@ static ne_ssl_certificate *make_peers_ch
+ NE_DEBUG(NE_DBG_SSL, "ssl: Got %u certs in peer chain.\n", count);
+
+ for (n = 0; n < count; n++) {
+- gnutls_x509_crt x5;
++ gnutls_x509_crt_t x5;
+
+ if (gnutls_x509_crt_init(&x5) ||
+ gnutls_x509_crt_import(x5, &certs[n], GNUTLS_X509_FMT_DER)) {
+@@ -746,8 +743,8 @@ static ne_ssl_certificate *make_peers_ch
+ * in the Certificate list during the handshake. Fill in the
+ * complete chain manually against the certs we trust: */
+ if (current->issuer == NULL) {
+- gnutls_x509_crt issuer;
+- gnutls_x509_crt *ca_list;
++ gnutls_x509_crt_t issuer;
++ gnutls_x509_crt_t *ca_list;
+ unsigned int num_cas;
+
+ gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
+@@ -849,7 +846,7 @@ static int check_chain_expiry(ne_ssl_cer
+ }
+
+ /* Verifies an SSL server certificate. */
+-static int check_certificate(ne_session *sess, gnutls_session sock,
++static int check_certificate(ne_session *sess, gnutls_session_t sock,
+ ne_ssl_certificate *chain)
+ {
+ int ret, failures;
+@@ -911,7 +908,7 @@ int ne__negotiate_ssl(ne_session *sess)
+ {
+ ne_ssl_context *const ctx = sess->ssl_context;
+ ne_ssl_certificate *chain;
+- gnutls_session sock;
++ gnutls_session_t sock;
+
+ NE_DEBUG(NE_DBG_SSL, "Negotiating SSL connection.\n");
+
+@@ -980,7 +977,7 @@ const char *ne_ssl_cert_identity(const n
+
+ void ne_ssl_context_trustcert(ne_ssl_context *ctx, const ne_ssl_certificate *cert)
+ {
+- gnutls_x509_crt certs = cert->subject;
++ gnutls_x509_crt_t certs = cert->subject;
+ gnutls_certificate_set_x509_trust(ctx->cred, &certs, 1);
+ }
+
+@@ -994,7 +991,7 @@ void ne_ssl_trust_default_ca(ne_session
+ }
+
+ /* Read the contents of file FILENAME into *DATUM. */
+-static int read_to_datum(const char *filename, gnutls_datum *datum)
++static int read_to_datum(const char *filename, gnutls_datum_t *datum)
+ {
+ FILE *f = fopen(filename, "r");
+ ne_buffer *buf;
+@@ -1026,11 +1023,11 @@ static int read_to_datum(const char *fil
+ /* Parses a PKCS#12 structure and loads the certificate, private key
+ * and friendly name if possible. Returns zero on success, non-zero
+ * on error. */
+-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
+- gnutls_x509_crt *x5, char **friendly_name,
++static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey_t *pkey,
++ gnutls_x509_crt_t *x5, char **friendly_name,
+ const char *password)
+ {
+- gnutls_pkcs12_bag bag = NULL;
++ gnutls_pkcs12_bag_t bag = NULL;
+ int i, j, ret = 0;
+
+ for (i = 0; ret == 0; ++i) {
+@@ -1045,8 +1042,8 @@ static int pkcs12_parse(gnutls_pkcs12 p1
+ gnutls_pkcs12_bag_decrypt(bag, password);
+
+ for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
+- gnutls_pkcs12_bag_type type;
+- gnutls_datum data;
++ gnutls_pkcs12_bag_type_t type;
++ gnutls_datum_t data;
+
+ if (friendly_name && *friendly_name == NULL) {
+ char *name = NULL;
+@@ -1113,12 +1110,12 @@ static int pkcs12_parse(gnutls_pkcs12 p1
+ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
+ {
+ int ret;
+- gnutls_datum data;
+- gnutls_pkcs12 p12;
++ gnutls_datum_t data;
++ gnutls_pkcs12_t p12;
+ ne_ssl_client_cert *cc;
+ char *friendly_name = NULL;
+- gnutls_x509_crt cert = NULL;
+- gnutls_x509_privkey pkey = NULL;
++ gnutls_x509_crt_t cert = NULL;
++ gnutls_x509_privkey_t pkey = NULL;
+
+ if (read_to_datum(filename, &data))
+ return NULL;
+@@ -1162,8 +1159,8 @@ ne_ssl_client_cert *ne__ssl_clicert_exke
+ size_t der_len)
+ {
+ ne_ssl_client_cert *cc;
+- gnutls_x509_crt x5;
+- gnutls_datum datum;
++ gnutls_x509_crt_t x5;
++ gnutls_datum_t datum;
+
+ datum.data = (unsigned char *)der;
+ datum.size = der_len;
+@@ -1190,8 +1187,8 @@ int ne_ssl_clicert_encrypted(const ne_ss
+ int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password)
+ {
+ int ret;
+- gnutls_x509_crt cert = NULL;
+- gnutls_x509_privkey pkey = NULL;
++ gnutls_x509_crt_t cert = NULL;
++ gnutls_x509_privkey_t pkey = NULL;
+
+ if (gnutls_pkcs12_verify_mac(cc->p12, password) != 0) {
+ return -1;
+@@ -1228,8 +1225,8 @@ const char *ne_ssl_clicert_name(const ne
+ ne_ssl_certificate *ne_ssl_cert_read(const char *filename)
+ {
+ int ret;
+- gnutls_datum data;
+- gnutls_x509_crt x5;
++ gnutls_datum_t data;
++ gnutls_x509_crt_t x5;
+
+ if (read_to_datum(filename, &data))
+ return NULL;
+@@ -1300,8 +1297,8 @@ ne_ssl_certificate *ne_ssl_cert_import(c
+ int ret;
+ size_t len;
+ unsigned char *der;
+- gnutls_datum buffer = { NULL, 0 };
+- gnutls_x509_crt x5;
++ gnutls_datum_t buffer = { NULL, 0 };
++ gnutls_x509_crt_t x5;
+
+ if (gnutls_x509_crt_init(&x5) != 0)
+ return NULL;
+@@ -1369,10 +1366,6 @@ int ne_ssl_cert_digest(const ne_ssl_cert
+
+ int ne__ssl_init(void)
+ {
+-#ifdef NE_HAVE_TS_SSL
+- gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+-#endif
+- gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+ return gnutls_global_init();
+ }
+
diff --git a/www/cadaver/patches/patch-lib_neon_ne__privssl.h b/www/cadaver/patches/patch-lib_neon_ne__privssl.h
new file mode 100644
index 00000000000..621a324ad4e
--- /dev/null
+++ b/www/cadaver/patches/patch-lib_neon_ne__privssl.h
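Review bot: In the first ne_gnutls.c hunk both `#include <gcrypt.h>` lines are removed, but `GCRY_THREAD_OPTION_PTHREAD_IMPL;` stays as a context line under `#ifdef NE_HAVE_TS_SSL`, so that libgcrypt macro is used with no header left to define it. That line should be removed from ne_gnutls.c as well; the matching `gcry_control(GCRYCTL_SET_THREAD_CBS, ...)` call is already dropped from ne__ssl_init(), so thread-safe builds are the ones likely to break. Separately, provide_client_cert() now fills a `gnutls_retr2_st`, which also carries `key_type` and `deinit_all`; the statements after `st->key.x509 = sess->client_cert->pkey;` are outside the hunk, so confirm that `st->deinit_all = 0;` is set there. Otherwise GnuTLS may free a certificate and key that the session still owns.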
@@ -0,0 +1,37 @@
+$NetBSD: patch-lib_neon_ne__privssl.h,v 1.1 2020/04/25 13:47:31 nia Exp $
+
+Fix build with newer gnutls.
+
+--- lib/neon/ne_privssl.h.orig 2009-09-02 14:04:43.000000000 +0000
++++ lib/neon/ne_privssl.h
+@@ -59,7 +59,7 @@ ne__ssl_clicert_exkey_import(const unsig
+ #include <gnutls/gnutls.h>
+
+ struct ne_ssl_context_s {
+- gnutls_certificate_credentials cred;
++ gnutls_certificate_credentials_t cred;
+ int verify; /* non-zero if client cert verification required */
+
+ const char *hostname; /* for SNI */
+@@ -67,10 +67,10 @@ struct ne_ssl_context_s {
+ /* Session cache. */
+ union ne_ssl_scache {
+ struct {
+- gnutls_datum key, data;
++ gnutls_datum_t key, data;
+ } server;
+ #if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
+- gnutls_datum client;
++ gnutls_datum_t client;
+ #else
+ struct {
+ char *data;
+@@ -85,7 +85,7 @@ struct ne_ssl_context_s {
+ #endif
+ };
+
+-typedef gnutls_session ne_ssl_socket;
++typedef gnutls_session_t ne_ssl_socket;
+
+ NE_PRIVATE ne_ssl_client_cert *
+ ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len);
diff --git a/www/cadaver/patches/patch-lib_neon_ne__socket.c b/www/cadaver/patches/patch-lib_neon_ne__socket.c
new file mode 100644
index 00000000000..3ace7b8e537
--- /dev/null
+++ b/www/cadaver/patches/patch-lib_neon_ne__socket.c
@@ -0,0 +1,90 @@
+$NetBSD: patch-lib_neon_ne__socket.c,v 1.1 2020/04/25 13:47:31 nia Exp $
+
+Fix build with newer gnutls.
+
+--- lib/neon/ne_socket.c.orig 2009-12-02 21:27:34.000000000 +0000
++++ lib/neon/ne_socket.c
+@@ -1608,14 +1608,14 @@ void ne_sock_connect_timeout(ne_socket *
+ * session. */
+
+ /* Copy datum 'src' to 'dest'. */
+-static void copy_datum(gnutls_datum *dest, gnutls_datum *src)
++static void copy_datum(gnutls_datum_t *dest, gnutls_datum_t *src)
+ {
+ dest->size = src->size;
+ dest->data = memcpy(gnutls_malloc(src->size), src->data, src->size);
+ }
+
+ /* Callback to store a session 'data' with id 'key'. */
+-static int store_sess(void *userdata, gnutls_datum key, gnutls_datum data)
++static int store_sess(void *userdata, gnutls_datum_t key, gnutls_datum_t data)
+ {
+ ne_ssl_context *ctx = userdata;
+
+@@ -1631,17 +1631,17 @@ static int store_sess(void *userdata, gn
+ }
+
+ /* Returns non-zero if d1 and d2 are the same datum. */
+-static int match_datum(gnutls_datum *d1, gnutls_datum *d2)
++static int match_datum(gnutls_datum_t *d1, gnutls_datum_t *d2)
+ {
+ return d1->size == d2->size
+ && memcmp(d1->data, d2->data, d1->size) == 0;
+ }
+
+ /* Callback to retrieve a session of id 'key'. */
+-static gnutls_datum retrieve_sess(void *userdata, gnutls_datum key)
++static gnutls_datum_t retrieve_sess(void *userdata, gnutls_datum_t key)
+ {
+ ne_ssl_context *ctx = userdata;
+- gnutls_datum ret = { NULL, 0 };
++ gnutls_datum_t ret = { NULL, 0 };
+
+ if (match_datum(&ctx->cache.server.key, &key)) {
+ copy_datum(&ret, &ctx->cache.server.data);
+@@ -1652,7 +1652,7 @@ static gnutls_datum retrieve_sess(void *
+
+ /* Callback to remove a session of id 'key'; stub needed but
+ * implementation seems unnecessary. */
+-static int remove_sess(void *userdata, gnutls_datum key)
++static int remove_sess(void *userdata, gnutls_datum_t key)
+ {
+ return -1;
+ }
+@@ -1678,6 +1678,8 @@ int ne_sock_accept_ssl(ne_socket *sock,
+ NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
+ }
+ #elif defined(HAVE_GNUTLS)
++ unsigned int verify_status;
++
+ gnutls_init(&ssl, GNUTLS_SERVER);
+ gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
+ gnutls_set_default_priority(ssl);
+@@ -1689,15 +1691,15 @@ int ne_sock_accept_ssl(ne_socket *sock,
+ gnutls_db_set_ptr(ssl, ctx);
+
+ if (ctx->verify)
+- gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUEST);
++ gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUIRE);
+
+ sock->ssl = ssl;
+- gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr)(long)sock->fd);
++ gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr_t)(long)sock->fd);
+ ret = gnutls_handshake(ssl);
+ if (ret < 0) {
+ return error_gnutls(sock, ret);
+ }
+- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
++ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
+ set_error(sock, _("Client certificate verification failed"));
+ return NE_SOCK_ERROR;
+ }
+@@ -1774,7 +1776,7 @@ int ne_sock_connect_ssl(ne_socket *sock,
+ strlen(ctx->hostname));
+ }
+
+- gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr)(long)sock->fd);
++ gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr_t)(long)sock->fd);
+
+ if (ctx->cache.client.data) {
+ #if defined(HAVE_GNUTLS_SESSION_GET_DATA2) |
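Review bot: The switch from `GNUTLS_CERT_REQUEST` to `GNUTLS_CERT_REQUIRE` in ne_sock_accept_ssl() is a behaviour change rather than a build fix, yet the patch header says only "Fix build with newer gnutls." With `ctx->verify` set, a client that presents no certificate is now rejected inside `gnutls_handshake()` instead of reaching the later verification check, so callers see a handshake error rather than "Client certificate verification failed". The patch comment should record this, for example `Require (not merely request) a client certificate when verification is enabled, and test the status from gnutls_certificate_verify_peers2().` ne_sock_accept_ssl()'s body starts and ends outside the hunk.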