aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00
Code

bug 1115: Avoid deprecated functions when compile --with-gnutls

Browse Source
This commit is contained in:
witekfl 2011-04-28 18:21:40 +02:00
parent 5a99cca30b
commit b228fe82ab
2 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/network/ssl/socket.c
View File

@ -74,14 +74,9 @@ ssl_set_no_tls(struct socket *socket)
((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
#elif defined(CONFIG_GNUTLS) #elif defined(CONFIG_GNUTLS)
{ {
/* GnuTLS does not support SSLv2 because it is "insecure". const char *error;
* That leaves only SSLv3. */
static const int protocol_priority[] = {
GNUTLS_SSL3,
0
};
gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority); gnutls_priority_set_direct(*(ssl_t *) socket->ssl, "SECURE", &error);
} }
#endif #endif
} }
@ -89,6 +84,8 @@ ssl_set_no_tls(struct socket *socket)
static void static void
ssl_want_read(struct socket *socket) ssl_want_read(struct socket *socket)
{ {
unsigned int status;
if (socket->no_tls) if (socket->no_tls)
ssl_set_no_tls(socket); ssl_set_no_tls(socket);
@ -96,7 +93,7 @@ ssl_want_read(struct socket *socket)
case SSL_ERROR_NONE: case SSL_ERROR_NONE:
#ifdef CONFIG_GNUTLS #ifdef CONFIG_GNUTLS
if (get_opt_bool("connection.ssl.cert_verify", NULL) if (get_opt_bool("connection.ssl.cert_verify", NULL)
&& gnutls_certificate_verify_peers(*((ssl_t *) socket->ssl))) { && gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status)) {
socket->ops->retry(socket, connection_state(S_SSL_ERROR)); socket->ops->retry(socket, connection_state(S_SSL_ERROR));
return; return;
} }
@ -121,6 +118,7 @@ int
ssl_connect(struct socket *socket) ssl_connect(struct socket *socket)
{ {
int ret; int ret;
unsigned int status;
if (init_ssl_connection(socket) == S_SSL_ERROR) { if (init_ssl_connection(socket) == S_SSL_ERROR) {
socket->ops->done(socket, connection_state(S_SSL_ERROR)); socket->ops->done(socket, connection_state(S_SSL_ERROR));
@ -198,7 +196,7 @@ ssl_connect(struct socket *socket)
if (!get_opt_bool("connection.ssl.cert_verify", NULL)) if (!get_opt_bool("connection.ssl.cert_verify", NULL))
break; break;
if (!gnutls_certificate_verify_peers(*((ssl_t *) socket->ssl))) if (!gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status))
#endif #endif
break; break;

3
src/network/ssl/ssl.c
View File

@ -287,12 +287,15 @@ init_ssl_connection(struct socket *socket)
#else #else
gnutls_set_default_priority(*state); gnutls_set_default_priority(*state);
#endif #endif
#if 0
/* Deprecated functions */
/* gnutls_handshake_set_private_extensions(*state, 1); */ /* gnutls_handshake_set_private_extensions(*state, 1); */
gnutls_cipher_set_priority(*state, cipher_priority); gnutls_cipher_set_priority(*state, cipher_priority);
gnutls_kx_set_priority(*state, kx_priority); gnutls_kx_set_priority(*state, kx_priority);
/* gnutls_certificate_type_set_priority(*state, cert_type_priority); /* gnutls_certificate_type_set_priority(*state, cert_type_priority);
gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name, gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name,
sizeof(server_name) - 1); */ sizeof(server_name) - 1); */
#endif
socket->ssl = state; socket->ssl = state;
#endif #endif