1
0
mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00

bug 1115: Avoid deprecated functions when compile --with-gnutls

This commit is contained in:
witekfl 2011-04-28 18:21:40 +02:00
parent 5a99cca30b
commit b228fe82ab
2 changed files with 10 additions and 9 deletions

View File

@ -74,14 +74,9 @@ ssl_set_no_tls(struct socket *socket)
((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
#elif defined(CONFIG_GNUTLS)
{
/* GnuTLS does not support SSLv2 because it is "insecure".
* That leaves only SSLv3. */
static const int protocol_priority[] = {
GNUTLS_SSL3,
0
};
const char *error;
gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
gnutls_priority_set_direct(*(ssl_t *) socket->ssl, "SECURE", &error);
}
#endif
}
@ -89,6 +84,8 @@ ssl_set_no_tls(struct socket *socket)
static void
ssl_want_read(struct socket *socket)
{
unsigned int status;
if (socket->no_tls)
ssl_set_no_tls(socket);
@ -96,7 +93,7 @@ ssl_want_read(struct socket *socket)
case SSL_ERROR_NONE:
#ifdef CONFIG_GNUTLS
if (get_opt_bool("connection.ssl.cert_verify", NULL)
&& gnutls_certificate_verify_peers(*((ssl_t *) socket->ssl))) {
&& gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status)) {
socket->ops->retry(socket, connection_state(S_SSL_ERROR));
return;
}
@ -121,6 +118,7 @@ int
ssl_connect(struct socket *socket)
{
int ret;
unsigned int status;
if (init_ssl_connection(socket) == S_SSL_ERROR) {
socket->ops->done(socket, connection_state(S_SSL_ERROR));
@ -198,7 +196,7 @@ ssl_connect(struct socket *socket)
if (!get_opt_bool("connection.ssl.cert_verify", NULL))
break;
if (!gnutls_certificate_verify_peers(*((ssl_t *) socket->ssl)))
if (!gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status))
#endif
break;

View File

@ -287,12 +287,15 @@ init_ssl_connection(struct socket *socket)
#else
gnutls_set_default_priority(*state);
#endif
#if 0
/* Deprecated functions */
/* gnutls_handshake_set_private_extensions(*state, 1); */
gnutls_cipher_set_priority(*state, cipher_priority);
gnutls_kx_set_priority(*state, kx_priority);
/* gnutls_certificate_type_set_priority(*state, cert_type_priority);
gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name,
sizeof(server_name) - 1); */
#endif
socket->ssl = state;
#endif