[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 2/9] Use gnutls_priority_set_direct() to deprecate gnutls_*_set()
On Fri, Nov 20, 2015 at 09:47:45AM -0800, Luis R. Rodriguez wrote:
> From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
>
> Using the deprecated gnutls_*_set() functions triggers a failure to compile
> with gnutls30-3.4.4, used on OpenSUSE factory:
>
> ../libqemu_common.a(vnc.o): In function `vnc_start_tls':
> ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2164: undefined reference to
> `gnutls_kx_set_priority'
> ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2171: undefined reference to
> `gnutls_certificate_type_set_priority'
> ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2178: undefined reference to
> `gnutls_protocol_set_priority'
>
> This compilation issue can be fixed by using the new routine
> gnutls_priority_set_direct() which replaces the deprecated calls
> which also simplifies the code considerably.
Thanks for posting that! It certainly fixes that issue.
I was wondering if you had seen these as well:
/home/konrad/qemu-trad.git/vnc.c:1929:1: warning:
‘gnutls_anon_server_credentials’ is deprecated
[-Wdeprecated-declarations]
{
^
/home/konrad/qemu-trad.git/vnc.c: In function
‘vnc_tls_initialize_anon_cred’:
/home/konrad/qemu-trad.git/vnc.c:1930:5: warning:
‘gnutls_anon_server_credentials’ is deprecated
[-Wdeprecated-declarations]
gnutls_anon_server_credentials anon_cred;
^
/home/konrad/qemu-trad.git/vnc.c: In function ‘vnc_start_tls’:
/home/konrad/qemu-trad.git/vnc.c:2203:6: warning:
‘gnutls_anon_server_credentials’ is deprecated
[-Wdeprecated-declarations]
gnutls_anon_server_credentials anon_cred =
vnc_tls_initialize_anon_cred();
^
?
(This is Fedora 23)
>
> The following Coccinelle rule expresses the change in a general
> grammar form, this could be used should the code be rebased, or
> to do the transformation in other projects using the same gnutls
> library.
>
> @ vars @
> identifier kx_x509, kx_anon, cert_type_priority, protocol_priority;
> declarer name NEED_X509_AUTH;
> @@
>
> -int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
> -int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
> -int kx_anon[] = { GNUTLS_KX_ANON_DH, 0};
> -int kx_x509[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA,
> GNUTLS_KX_SRP, 0};
>
> @ calls_kx_set_priority @
> identifier vars.kx_x509, vars.kx_anon;
> expression need_x509;
> struct VncState *vs;
> @@
>
> -if (gnutls_kx_set_priority(vs->tls_session, need_x509 ? kx_x509 : kx_anon) <
> 0) {
> - gnutls_deinit(vs->tls_session);
> - vs->tls_session = NULL;
> - vnc_client_error(vs);
> - return -1;
> -}
>
> @ calls_certificate_type_set_priority depends on calls_kx_set_priority @
> identifier vars.cert_type_priority;
> struct VncState *calls_kx_set_priority.vs;
> @@
> -if (gnutls_certificate_type_set_priority(vs->tls_session,
> cert_type_priority) < 0) {
> - gnutls_deinit(vs->tls_session);
> - vs->tls_session = NULL;
> - vnc_client_error(vs);
> - return -1;
> -}
>
> @ calls_protocol_set_priority depends on calls_certificate_type_set_priority @
> identifier vars.protocol_priority;
> struct VncState *calls_kx_set_priority.vs;
> expression calls_kx_set_priority.need_x509;
> @@
>
> -if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
> - gnutls_deinit(vs->tls_session);
> - vs->tls_session = NULL;
> - vnc_client_error(vs);
> - return -1;
> -}
> +if (gnutls_priority_set_direct(vs->tls_session, need_x509 ? "NORMAL" :
> "NORMAL:+ANON-DH", NULL) < 0) {
> + gnutls_deinit(vs->tls_session);
> + vs->tls_session = NULL;
> + vnc_client_error(vs);
> + return -1;
> +}
>
> Generated-by: Coccinelle SmPL
> Cc: cocci@xxxxxxxxxxxxxxx
> Signed-off-by: Luis R. Rodriguez <mcgrof@xxxxxxxx>
> ---
> vnc.c | 21 +--------------------
> 1 file changed, 1 insertion(+), 20 deletions(-)
>
> diff --git a/vnc.c b/vnc.c
> index 7629dfa18645..32c604084a5b 100644
> --- a/vnc.c
> +++ b/vnc.c
> @@ -2137,11 +2137,6 @@ static void vnc_handshake_io(void *opaque) {
>
>
> static int vnc_start_tls(struct VncState *vs) {
> - static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
> - static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0,
> GNUTLS_SSL3, 0 };
> - static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
> - static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
> GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
> -
> VNC_DEBUG("Do TLS setup\n");
> if (vnc_tls_initialize() < 0) {
> VNC_DEBUG("Failed to init TLS\n");
> @@ -2161,21 +2156,7 @@ static int vnc_start_tls(struct VncState *vs) {
> return -1;
> }
>
> - if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ?
> kx_x509 : kx_anon) < 0) {
> - gnutls_deinit(vs->tls_session);
> - vs->tls_session = NULL;
> - vnc_client_error(vs);
> - return -1;
> - }
> -
> - if (gnutls_certificate_type_set_priority(vs->tls_session,
> cert_type_priority) < 0) {
> - gnutls_deinit(vs->tls_session);
> - vs->tls_session = NULL;
> - vnc_client_error(vs);
> - return -1;
> - }
> -
> - if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) <
> 0) {
> + if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ?
> "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) {
> gnutls_deinit(vs->tls_session);
> vs->tls_session = NULL;
> vnc_client_error(vs);
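Review bot: The new `gnutls_priority_set_direct()` call in vnc_start_tls passes `NULL` for the error-position argument and its failure branch logs nothing, so a priority string that the installed GnuTLS rejects would only show up as a dropped client. I would add `VNC_DEBUG("Failed to set TLS priority\n");` as the first line of that branch. The protocol and key-exchange set is also no longer pinned by this file: it now follows whatever the linked library defines as `NORMAL`, which can differ between GnuTLS releases, and `+ANON-DH` adds an unauthenticated key exchange on top of it. That deserves a comment above the call, for example `/* NORMAL tracks the GnuTLS default policy; +ANON-DH is unauthenticated and used only when X509 auth is not required */`. vnc_start_tls continues past the end of this hunk, so how the credentials are attached afterwards is not visible here.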
> --
> 2.6.2
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel