From b228fe82ab7c8bf79f7ab67b957e4fe72708ff58 Mon Sep 17 00:00:00 2001
From: witekfl
Date: Thu, 28 Apr 2011 18:21:40 +0200
Subject: [PATCH] bug 1115: Avoid deprecated functions when compile --with-gnutls
---
 src/network/ssl/socket.c | 16 +++++++---------
 src/network/ssl/ssl.c | 3 +++
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
index 1acf9d50..0834dc83 100644
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@@ -74,14 +74,9 @@ ssl_set_no_tls(struct socket *socket)
 ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
 #elif defined(CONFIG_GNUTLS)
 {
- /* GnuTLS does not support SSLv2 because it is "insecure".
- * That leaves only SSLv3. */
- static const int protocol_priority[] = {
- GNUTLS_SSL3,
- 0
- };
+ const char *error;
- gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
+ gnutls_priority_set_direct(*(ssl_t *) socket->ssl, "SECURE", &error);
 }
 #endif
 }
@@ -89,6 +84,8 @@ ssl_set_no_tls(struct socket *socket)
 static void
 ssl_want_read(struct socket *socket)
 {
+ unsigned int status;
+
 if (socket->no_tls)
 ssl_set_no_tls(socket);
@@ -96,7 +93,7 @@ ssl_want_read(struct socket *socket)
 case SSL_ERROR_NONE:
 #ifdef CONFIG_GNUTLS
 if (get_opt_bool("connection.ssl.cert_verify", NULL)
- && gnutls_certificate_verify_peers(*((ssl_t *) socket->ssl))) {
+ && gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status)) {
 socket->ops->retry(socket, connection_state(S_SSL_ERROR));
 return;
 }
@@ -121,6 +118,7 @@ int
 ssl_connect(struct socket *socket)
 {
 int ret;
+ unsigned int status;
 if (init_ssl_connection(socket) == S_SSL_ERROR) {
 socket->ops->done(socket, connection_state(S_SSL_ERROR));
@@ -198,7 +196,7 @@ ssl_connect(struct socket *socket)
 if (!get_opt_bool("connection.ssl.cert_verify", NULL))
 break;
- if (!gnutls_certificate_verify_peers(*((ssl_t *) socket->ssl)))
+ if (!gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status))
 #endif
 break;
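Review bot: The return value of `gnutls_priority_set_direct()` in `ssl_set_no_tls` is discarded and `error` is never read, so a rejected priority string would leave the session on its previous priorities without any trace. Check the result, e.g. `if (gnutls_priority_set_direct(*(ssl_t *) socket->ssl, "SECURE", &error) != GNUTLS_E_SUCCESS)`, and treat a failure as a connection error or at least log the position `error` points to. In addition, "SECURE" does not appear to exclude TLS, which is what the removed SSLv3-only list did and what the function name promises; if the no-TLS retry is now meant to stay on the general secure set, state that in a comment such as `/* Retry with the SECURE set; the SSLv3-only list is no longer applied. */`. The function's body starts outside the hunk.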
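Review bot: `unsigned int status;` in `ssl_want_read` is declared unconditionally, but its only visible use (hunk at -96) sits inside `#ifdef CONFIG_GNUTLS`, so a build without GnuTLS gets an unused variable; the declaration added to `ssl_connect` in the hunk at -121 appears to have the same problem. Put the declaration under the same guard, i.e. `#ifdef CONFIG_GNUTLS` / `unsigned int status;` / `#endif`, or declare it in the block that calls the verify function. Both function bodies continue outside their hunks.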
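Review bot: The verification result written to `status` is never inspected, so with `connection.ssl.cert_verify` enabled a certificate that GnuTLS flags as invalid is still accepted. Unlike the call it replaces, which returned the status bits themselves, `gnutls_certificate_verify_peers2()` returns 0 whenever the check could be carried out and reports the verdict (for example `GNUTLS_CERT_INVALID`) only through `status`. In `ssl_want_read` the condition should be `&& (gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status) || status)) {`, and the same defect is in the `ssl_connect` hunk at -198, which should read `if (!gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status) && !status)`. Both enclosing functions extend beyond their hunks.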
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 724f38db..bb10d279 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -287,12 +287,15 @@ init_ssl_connection(struct socket *socket)
 #else
 gnutls_set_default_priority(*state);
 #endif
+#if 0
+ /* Deprecated functions */
 /* gnutls_handshake_set_private_extensions(*state, 1); */
 gnutls_cipher_set_priority(*state, cipher_priority);
 gnutls_kx_set_priority(*state, kx_priority);
 /* gnutls_certificate_type_set_priority(*state, cert_type_priority);
 gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name,
 sizeof(server_name) - 1); */
+#endif
 socket->ssl = state;
 #endif
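Review bot: The deprecated setters are parked under `#if 0` rather than removed, which leaves `cipher_priority` and `kx_priority` (defined outside this hunk, presumably as static tables) without a user and hides the fact that cipher and key-exchange selection now depends entirely on the priority chosen just above. Delete the block together with the tables, or replace the `/* Deprecated functions */` marker with a comment that states the consequence, e.g. `/* Ciphers and key exchange now come from the priority set above; the per-algorithm setters are deprecated in GnuTLS. */`. `init_ssl_connection` begins and ends outside the hunk, so the `#if` branch paired with the visible `#else` cannot be checked from here.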