bug 1115: Avoid deprecated functions when compile --with-gnutls

2024-12-04 14:46:47 -05:00 · 2011-04-28 18:21:40 +02:00 · 2011-04-28 18:21:40 +02:00 · b228fe82ab
commit b228fe82ab
parent 5a99cca30b
2 changed files with 10 additions and 9 deletions
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@ -74,14 +74,9 @@ ssl_set_no_tls(struct socket *socket)
 	((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
 #elif defined(CONFIG_GNUTLS)
 	{
-		/* GnuTLS does not support SSLv2 because it is "insecure".
-		 * That leaves only SSLv3.  */
-		static const int protocol_priority[] = {
-			GNUTLS_SSL3,
-			0
-		};
+		const char *error;

-		gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
+		gnutls_priority_set_direct(*(ssl_t *) socket->ssl, "SECURE", &error);
 	}
 #endif
 }
@ -89,6 +84,8 @@ ssl_set_no_tls(struct socket *socket)
 static void
 ssl_want_read(struct socket *socket)
 {
+	unsigned int status;
+
 	if (socket->no_tls)
 		ssl_set_no_tls(socket);

@ -96,7 +93,7 @@ ssl_want_read(struct socket *socket)
 		case SSL_ERROR_NONE:
 #ifdef CONFIG_GNUTLS
 			if (get_opt_bool("connection.ssl.cert_verify", NULL)
-			    && gnutls_certificate_verify_peers(*((ssl_t *) socket->ssl))) {
+			    && gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status)) {
 				socket->ops->retry(socket, connection_state(S_SSL_ERROR));
 				return;
 			}
@ -121,6 +118,7 @@ int
 ssl_connect(struct socket *socket)
 {
 	int ret;
+	unsigned int status;

 	if (init_ssl_connection(socket) == S_SSL_ERROR) {
 		socket->ops->done(socket, connection_state(S_SSL_ERROR));
@ -198,7 +196,7 @@ ssl_connect(struct socket *socket)
 			if (!get_opt_bool("connection.ssl.cert_verify", NULL))
 				break;

-			if (!gnutls_certificate_verify_peers(*((ssl_t *) socket->ssl)))
+			if (!gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status))
 #endif
 				break;

--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@ -287,12 +287,15 @@ init_ssl_connection(struct socket *socket)
 #else
 	gnutls_set_default_priority(*state);
 #endif
+#if 0
+	/* Deprecated functions */
 	/* gnutls_handshake_set_private_extensions(*state, 1); */
 	gnutls_cipher_set_priority(*state, cipher_priority);
 	gnutls_kx_set_priority(*state, kx_priority);
 	/* gnutls_certificate_type_set_priority(*state, cert_type_priority);
 	gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name,
 			       sizeof(server_name) - 1); */
+#endif

 	socket->ssl = state;
 #endif