See inline comments below.
Am 07.09.2011 15:02, schrieb Gerd Hoffmann:
Avoid using depricated gnutls functions with recent
gnutls versions.
deprecated?
Fixes build failure on Fedora 16. Keep the old way for
compatibility
with old installations such as RHEL-5 (gnutls 1.4.x).
Based on a patch from Raghavendra D Prabhu
<address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
---
ui/vnc-tls.c | 62
++++++++++++++++++++++++++++++++++++++++-----------------
1 files changed, 43 insertions(+), 19 deletions(-)
diff --git a/ui/vnc-tls.c b/ui/vnc-tls.c
index 2e2456e..276e127 100644
--- a/ui/vnc-tls.c
+++ b/ui/vnc-tls.c
@@ -283,13 +283,51 @@ int vnc_tls_validate_certificate(struct VncState
*vs)
return 0;
}
+#if defined(GNUTLS_VERSION_NUMBER) && \
+ GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */
+
+static int vnc_set_gnutls_priority(struct VncState *vs, int
needX509Creds)
Replace the first argument by gnutls_session_t session.
This simplifies the code.
+{
+ const char *priority = needX509Creds ? "NORMAL" : "NORMAL:+ANON-DH";
+
+ if (gnutls_priority_set_direct(vs->tls.session, priority, NULL)
< 0) {
Even if this works, testing for != GNUTLS_E_SUCCESS would be
better because GNUTLS_E_SUCCESS is the return value for success
according to the manual.
The same applies to the other function calls below as well.
+ return -1;
+ }
+ return 0;
+}
+
+#else
+
+static int vnc_set_gnutls_priority(struct VncState *vs, int x509)
Replace the first argument by gnutls_session_t session.
+{
+ static const int cert_types[] = { GNUTLS_CRT_X509, 0 };
+ static const int protocols[] = {
+ GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
+ };
+ static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 };
+ static const int kx_x509[] = {
+ GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
+ GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0
+ };
+
+ if (gnutls_kx_set_priority(vs->tls.session, x509 ? kx_x509 :
kx_anon) < 0) {
+ return -1;
+ }
+
+ if (gnutls_certificate_type_set_priority(vs->tls.session,
cert_types) < 0) {
+ return -1;
+ }
+
+ if (gnutls_protocol_set_priority(vs->tls.session, protocols) <
0) {
+ return -1;
+ }
+ return 0;
+}
+
+#endif
int vnc_tls_client_setup(struct VncState *vs,
int needX509Creds) {
- static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
- static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0,
GNUTLS_SSL3, 0 };
- static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
- static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
VNC_DEBUG("Do TLS setup\n");
if (vnc_tls_initialize() < 0) {
@@ -310,21 +348,7 @@ int vnc_tls_client_setup(struct VncState *vs,
return -1;
}
- if (gnutls_kx_set_priority(vs->tls.session, needX509Creds ?
kx_x509 : kx_anon) < 0) {
- gnutls_deinit(vs->tls.session);
- vs->tls.session = NULL;
- vnc_client_error(vs);
- return -1;
- }
-
- if (gnutls_certificate_type_set_priority(vs->tls.session,
cert_type_priority) < 0) {
- gnutls_deinit(vs->tls.session);
- vs->tls.session = NULL;
- vnc_client_error(vs);
- return -1;
- }
-
- if (gnutls_protocol_set_priority(vs->tls.session,
protocol_priority) < 0) {
+ if (vnc_set_gnutls_priority(vs, needX509Creds) < 0) {
Use vs->tls.session as first argument.
gnutls_deinit(vs->tls.session);
vs->tls.session = NULL;
vnc_client_error(vs);
|