Re: [Bug-wget] [PATCH] GnuTLS certificate loading

[Giuseppe Scrivano]

Tim Rühsen <address@hidden> writes:

> Some improvements to gnutls.c, especially improved certificate loading.

thanks for the patch but it doesn't seem to apply to origin/master.

On what version is it based?  Could you please rebase it on master?


> diff --git a/src/gnutls.c b/src/gnutls.c
> index d90f46a..1661fb3 100644
> --- a/src/gnutls.c
> +++ b/src/gnutls.c
> @@ -46,6 +46,7 @@ as that of the covered work.  */
>  #include "connect.h"
>  #include "url.h"
>  #include "ptimer.h"
> +#include "hash.h"
>  #include "ssl.h"

can you please add an explicit dependency to the "hash" module in 
bootstrap.conf?


> +#if GNUTLS_VERSION_MAJOR >= 3
> +  if (!opt.ca_directory)
> +    ncerts = gnutls_certificate_set_x509_system_trust(credentials);
> +#endif

missing empty space after '('.  This is not the only occurrence I have seen.

+    ncerts = gnutls_certificate_set_x509_system_trust (credentials);


> +  _CHECK_CERT(GNUTLS_CERT_INVALID, "The certificate of %s is not 
> trusted.\n");
> +  _CHECK_CERT(GNUTLS_CERT_SIGNER_NOT_FOUND, "The certificate of %s hasn't 
> got a known issuer.\n");
> +  _CHECK_CERT(GNUTLS_CERT_REVOKED, "The certificate of %s has been 
> revoked.\n");
> +  _CHECK_CERT(GNUTLS_CERT_SIGNER_NOT_CA, "The certificate signer of %s was 
> not a CA.\n");
> +  _CHECK_CERT(GNUTLS_CERT_INSECURE_ALGORITHM, "The certificate of %s was 
> signed using an insecure algorithm.\n");
> +  _CHECK_CERT(GNUTLS_CERT_NOT_ACTIVATED, "The certificate of %s is not yet 
> activated.\n");
> +  _CHECK_CERT(GNUTLS_CERT_EXPIRED, "The certificate of %s has expired.\n");

I don't think that xgettext will parse these strings, can you please
change them to (and adapt the macro as well):

 _CHECK_CERT (GNUTLS_CERT_INVALID, _("The certificate of %s is not 
trusted.\n"));


The rest of the patch seems correct to me.

Thanks,
Giuseppe