From 5a32540f7b39f0b1224c3d6f1d12b6d4e358fe0a Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Wed, 7 Sep 2011 17:52:10 +0200 Subject: [PATCH] vns/tls: don't use depricated gnutls functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid using deprecated gnutls functions with recent gnutls versions. Fixes build failure on Fedora 16. Keep the old way for compatibility with old installations such as RHEL-5 (gnutls 1.4.x). Based on a patch from Raghavendra D Prabhu Signed-off-by: Gerd Hoffmann Signed-off-by: Anthony Liguori (cherry picked from commit f40d55081667a716312b9a8b6e13835c4074f56b) Signed-off-by: Bruce Rogers Signed-off-by: Andreas Färber --- ui/vnc-tls.c | 68 +++++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 49 insertions(+), 19 deletions(-) diff --git a/ui/vnc-tls.c b/ui/vnc-tls.c index 31f1467..f5ed306 100644 --- a/ui/vnc-tls.c +++ b/ui/vnc-tls.c @@ -283,13 +283,57 @@ int vnc_tls_validate_certificate(struct VncState *vs) return 0; } +#if defined(GNUTLS_VERSION_NUMBER) && \ + GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */ + +static int vnc_set_gnutls_priority(gnutls_session_t s, int x509) +{ + const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH"; + int rc; + + rc = gnutls_priority_set_direct(s, priority, NULL); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + return 0; +} + +#else + +static int vnc_set_gnutls_priority(gnutls_session_t s, int x509) +{ + static const int cert_types[] = { GNUTLS_CRT_X509, 0 }; + static const int protocols[] = { + GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 + }; + static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 }; + static const int kx_x509[] = { + GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, + GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 + }; + int rc; + + rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + + rc = gnutls_certificate_type_set_priority(s, cert_types); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + + rc = gnutls_protocol_set_priority(s, protocols); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + return 0; +} + +#endif int vnc_tls_client_setup(struct VncState *vs, int needX509Creds) { - static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; - static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; - static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0}; - static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; VNC_DEBUG("Do TLS setup\n"); if (vnc_tls_initialize() < 0) { @@ -310,21 +354,7 @@ int vnc_tls_client_setup(struct VncState *vs, return -1; } - if (gnutls_kx_set_priority(vs->tls.session, needX509Creds ? kx_x509 : kx_anon) < 0) { - gnutls_deinit(vs->tls.session); - vs->tls.session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_certificate_type_set_priority(vs->tls.session, cert_type_priority) < 0) { - gnutls_deinit(vs->tls.session); - vs->tls.session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_protocol_set_priority(vs->tls.session, protocol_priority) < 0) { + if (vnc_set_gnutls_priority(vs->tls.session, needX509Creds) < 0) { gnutls_deinit(vs->tls.session); vs->tls.session = NULL; vnc_client_error(vs); -- 1.7.11.2