[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 1/2] vns/tls: don't use depricated gnutls functions
From: Gerd Hoffmann <kraxel@xxxxxxxxxx> Avoid using deprecated gnutls functions with recent gnutls versions. Fixes build failure on Fedora 16. Keep the old way for compatibility with old installations such as RHEL-5 (gnutls 1.4.x). Based on a patch from Raghavendra D Prabhu <raghu.prabhu13@xxxxxxxxx> Upstream commit f40d55081667a716312b9a8b6e13835c4074f56b Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx> Signed-off-by: Anthony Liguori <aliguori@xxxxxxxxxx> Signed-off-by: Olaf Hering <olaf@xxxxxxxxx> --- vnc.c | 65 +++++++++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 20 deletions(-) diff --git a/vnc.c b/vnc.c index 7629dfa..96f2fba 100644 --- a/vnc.c +++ b/vnc.c @@ -2135,13 +2135,52 @@ static void vnc_handshake_io(void *opaque) { (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \ (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN) +#if defined(GNUTLS_VERSION_NUMBER) && \ + GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */ +static int vnc_set_gnutls_priority(gnutls_session_t s, int x509) +{ + const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH"; + int rc; -static int vnc_start_tls(struct VncState *vs) { - static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; - static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; - static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0}; - static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; + rc = gnutls_priority_set_direct(s, priority, NULL); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + return 0; +} +#else +static int vnc_set_gnutls_priority(gnutls_session_t s, int x509) +{ + static const int cert_types[] = { GNUTLS_CRT_X509, 0 }; + static const int protocols[] = { + GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 + }; + static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 }; + static const int kx_x509[] = { + GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, + GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 + }; + int rc; + + rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + + rc = gnutls_certificate_type_set_priority(s, cert_types); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + rc = gnutls_protocol_set_priority(s, protocols); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + return 0; +} +#endif + +static int vnc_start_tls(struct VncState *vs) { VNC_DEBUG("Do TLS setup\n"); if (vnc_tls_initialize() < 0) { VNC_DEBUG("Failed to init TLS\n"); @@ -2161,21 +2200,7 @@ static int vnc_start_tls(struct VncState *vs) { return -1; } - if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) { + if (vnc_set_gnutls_priority(vs->tls_session, !!NEED_X509_AUTH(vs)) < 0) { gnutls_deinit(vs->tls_session); vs->tls_session = NULL; vnc_client_error(vs); _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |