http: Revamp TLS API.

* configure.ac (NEED_GNUTLS_VERSION): New.
(HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.

* common/http.h (http_session_t): New.
* common/http.c: Remove compatibility for gnutls < 3.0.
(http_session_s): New.
(cookie_s): Replace gnutls_session_t by http_session_t.
(tls_callback, tls_ca_certlist): New variables.
(my_socket_unref): Add preclose args.
(my_npth_read, my_npth_write): New.
(make_header_line): Fix bug using int* instead of char*.
(http_register_tls_callback): New.
(http_register_tls_ca): New.
(http_session_new): New.
(http_session_release): New.
(http_get_header_names): New.
(escape_data): Add hack to escape in forms mode.
(send_request) [HTTP_USE_GNUTLS]: Support SNI.
(send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
(send_gnutls_bye): New.
(cookie_close): Make use of preclose feature.
(http_verify_server_credentials): New.
(main) [TEST]: Remove test code.
* common/t-http.c: New.
* common/tls-ca.pem: New.
* common/Makefile.am (tls_sources): New. Move http code to here.
(libcommontls_a_SOURCES): New.
(libcommontlsnpth_a_SOURCES): New.
(EXTRA_DIST): Add tls-ca.pem
(module_maint_tests): Add t-http.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.

* dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
--

This new TLS API for http.c is much more flexible than the crude old
hack.

1 files changed, 23 insertions, 5 deletions

diff --git a/common/Makefile.am b/common/Makefile.am
index f1cf28c89..439c29ba9 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -20,9 +20,10 @@
 
 EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk ChangeLog-2011 \
              audit-events.h status-codes.h README.jnlib ChangeLog.jnlib \
-	     ChangeLog-2011.include w32info-rc.h.in gnupg.ico
+	     ChangeLog-2011.include w32info-rc.h.in gnupg.ico tls-ca.pem
 
-noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a
+noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a \
+                   libcommontls.a libcommontlsnpth.a
 if !HAVE_W32CE_SYSTEM
 noinst_LIBRARIES += libsimple-pwquery.a
 endif
@@ -88,7 +89,6 @@ common_sources = \
 	srv.h \
 	dns-cert.c dns-cert.h \
 	pka.c pka.h \
-	http.c http.h \
 	localename.c \
 	session-env.c session-env.h \
 	userids.c userids.h \
@@ -97,6 +97,12 @@ common_sources = \
 	agent-opt.c \
 	helpfile.c
 
+# Sources possible requiring a TLS library are put into a separate
+# conveince library.
+tls_sources = \
+	http.c http.h
+
+
 # To make the code easier to read we have split home some code into
 # separate source files.
 if HAVE_W32_SYSTEM
@@ -126,6 +132,12 @@ libcommonpth_a_SOURCES += srv.c
 endif
 libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
 
+libcommontls_a_SOURCES = $(tls_sources)
+libcommontls_a_CFLAGS = $(AM_CFLAGS) $(LIBGNUTLS_CFLAGS) -DWITHOUT_NPTH=1
+
+libcommontlsnpth_a_SOURCES = $(tls_sources)
+libcommontlsnpth_a_CFLAGS = $(AM_CFLAGS) $(LIBGNUTLS_CFLAGS) $(NPTH_CFLAGS)
+
 if !HAVE_W32CE_SYSTEM
 libsimple_pwquery_a_SOURCES = \
 	simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h
@@ -170,11 +182,12 @@ module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil \
 if !HAVE_W32CE_SYSTEM
 module_tests += t-exechelp
 endif
-module_maint_tests = t-helpfile t-b64
+module_maint_tests = t-helpfile t-b64 t-http
 
 
 t_common_ldadd = libcommon.a ../gl/libgnu.a \
-                 $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+                 $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
+	         $(LIBINTL) $(LIBICONV)
 
 # jnlib tests
 t_stringhelp_SOURCES = t-stringhelp.c $(t_jnlib_src)
@@ -203,3 +216,8 @@ t_ssh_utils_LDADD = $(t_common_ldadd)
 t_dns_cert_LDADD = $(t_common_ldadd) $(DNSLIBS)
 t_mapstrings_LDADD = $(t_common_ldadd)
 t_zb32_LDADD = $(t_common_ldadd)
+
+# http tests
+t_http_SOURCES = t-http.c
+t_http_CFLAGS  = $(t_common_cflags) $(LIBGNUTLS_CFLAGS)
+t_http_LDADD   = $(libcommontls) $(t_common_ldadd) $(LIBGNUTLS_LIBS) $(DNSLIBS)