117 lines
3.7 KiB
Diff
117 lines
3.7 KiB
Diff
From 5a32540f7b39f0b1224c3d6f1d12b6d4e358fe0a Mon Sep 17 00:00:00 2001
|
|
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
Date: Wed, 7 Sep 2011 17:52:10 +0200
|
|
Subject: [PATCH] vns/tls: don't use depricated gnutls functions
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Avoid using deprecated gnutls functions with recent gnutls versions.
|
|
Fixes build failure on Fedora 16. Keep the old way for compatibility
|
|
with old installations such as RHEL-5 (gnutls 1.4.x).
|
|
|
|
Based on a patch from Raghavendra D Prabhu <raghu.prabhu13@gmail.com>
|
|
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
(cherry picked from commit f40d55081667a716312b9a8b6e13835c4074f56b)
|
|
|
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
---
|
|
ui/vnc-tls.c | 68 +++++++++++++++++++++++++++++++++++++++++++-----------------
|
|
1 file changed, 49 insertions(+), 19 deletions(-)
|
|
|
|
diff --git a/ui/vnc-tls.c b/ui/vnc-tls.c
|
|
index 31f1467..f5ed306 100644
|
|
--- a/ui/vnc-tls.c
|
|
+++ b/ui/vnc-tls.c
|
|
@@ -283,13 +283,57 @@ int vnc_tls_validate_certificate(struct VncState *vs)
|
|
return 0;
|
|
}
|
|
|
|
+#if defined(GNUTLS_VERSION_NUMBER) && \
|
|
+ GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */
|
|
+
|
|
+static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
|
|
+{
|
|
+ const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH";
|
|
+ int rc;
|
|
+
|
|
+ rc = gnutls_priority_set_direct(s, priority, NULL);
|
|
+ if (rc != GNUTLS_E_SUCCESS) {
|
|
+ return -1;
|
|
+ }
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+#else
|
|
+
|
|
+static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
|
|
+{
|
|
+ static const int cert_types[] = { GNUTLS_CRT_X509, 0 };
|
|
+ static const int protocols[] = {
|
|
+ GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
|
|
+ };
|
|
+ static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 };
|
|
+ static const int kx_x509[] = {
|
|
+ GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
|
|
+ GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0
|
|
+ };
|
|
+ int rc;
|
|
+
|
|
+ rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon);
|
|
+ if (rc != GNUTLS_E_SUCCESS) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ rc = gnutls_certificate_type_set_priority(s, cert_types);
|
|
+ if (rc != GNUTLS_E_SUCCESS) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ rc = gnutls_protocol_set_priority(s, protocols);
|
|
+ if (rc != GNUTLS_E_SUCCESS) {
|
|
+ return -1;
|
|
+ }
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+#endif
|
|
|
|
int vnc_tls_client_setup(struct VncState *vs,
|
|
int needX509Creds) {
|
|
- static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
|
|
- static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
|
|
- static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
|
|
- static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
|
|
|
|
VNC_DEBUG("Do TLS setup\n");
|
|
if (vnc_tls_initialize() < 0) {
|
|
@@ -310,21 +354,7 @@ int vnc_tls_client_setup(struct VncState *vs,
|
|
return -1;
|
|
}
|
|
|
|
- if (gnutls_kx_set_priority(vs->tls.session, needX509Creds ? kx_x509 : kx_anon) < 0) {
|
|
- gnutls_deinit(vs->tls.session);
|
|
- vs->tls.session = NULL;
|
|
- vnc_client_error(vs);
|
|
- return -1;
|
|
- }
|
|
-
|
|
- if (gnutls_certificate_type_set_priority(vs->tls.session, cert_type_priority) < 0) {
|
|
- gnutls_deinit(vs->tls.session);
|
|
- vs->tls.session = NULL;
|
|
- vnc_client_error(vs);
|
|
- return -1;
|
|
- }
|
|
-
|
|
- if (gnutls_protocol_set_priority(vs->tls.session, protocol_priority) < 0) {
|
|
+ if (vnc_set_gnutls_priority(vs->tls.session, needX509Creds) < 0) {
|
|
gnutls_deinit(vs->tls.session);
|
|
vs->tls.session = NULL;
|
|
vnc_client_error(vs);
|
|
--
|
|
1.7.11.2
|
|
|