From 5a32540f7b39f0b1224c3d6f1d12b6d4e358fe0a Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 7 Sep 2011 17:52:10 +0200
Subject: [PATCH] vns/tls: don't use depricated gnutls functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Avoid using deprecated gnutls functions with recent gnutls versions.
Fixes build failure on Fedora 16.  Keep the old way for compatibility
with old installations such as RHEL-5 (gnutls 1.4.x).
Based on a patch from Raghavendra D Prabhu <raghu.prabhu13@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f40d55081667a716312b9a8b6e13835c4074f56b)
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
 ui/vnc-tls.c | 68 +++++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 49 insertions(+), 19 deletions(-)
diff --git a/ui/vnc-tls.c b/ui/vnc-tls.c
index 31f1467..f5ed306 100644
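--- a/ui/vnc-tls.c
+++ b/ui/vnc-tls.c
@@ -283,13 +283,57 @@ int vnc_tls_validate_certificate(struct VncState *vs)
     return 0;
 }
 
+#if defined(GNUTLS_VERSION_NUMBER) && \
+    GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */
+
+static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
+{
+    const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH";
+    int rc;
+
+    rc = gnutls_priority_set_direct(s, priority, NULL);
+    if (rc != GNUTLS_E_SUCCESS) {
+        return -1;
+    }
+    return 0;
+}
+
+#else
+
+static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
+{
+    static const int cert_types[] = { GNUTLS_CRT_X509, 0 };
+    static const int protocols[] = {
+        GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
+    };
+    static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 };
+    static const int kx_x509[] = {
+        GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
+        GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0
+    };
+    int rc;
+
+    rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon);
+    if (rc != GNUTLS_E_SUCCESS) {
+        return -1;
+    }
+
+    rc = gnutls_certificate_type_set_priority(s, cert_types);
+    if (rc != GNUTLS_E_SUCCESS) {
+        return -1;
+    }
+
+    rc = gnutls_protocol_set_priority(s, protocols);
+    if (rc != GNUTLS_E_SUCCESS) {
+        return -1;
+    }
+    return 0;
+}
+
+#endif
 
 int vnc_tls_client_setup(struct VncState *vs,
                          int needX509Creds) {
-    static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-    static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
-    static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
-    static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
 
     VNC_DEBUG("Do TLS setup\n");
     if (vnc_tls_initialize() < 0) {
@@ -310,21 +354,7 @@ int vnc_tls_client_setup(struct VncState *vs,
             return -1;
         }
 
-        if (gnutls_kx_set_priority(vs->tls.session, needX509Creds ? kx_x509 : kx_anon) < 0) {
-            gnutls_deinit(vs->tls.session);
-            vs->tls.session = NULL;
-            vnc_client_error(vs);
-            return -1;
-        }
-
-        if (gnutls_certificate_type_set_priority(vs->tls.session, cert_type_priority) < 0) {
-            gnutls_deinit(vs->tls.session);
-            vs->tls.session = NULL;
-            vnc_client_error(vs);
-            return -1;
-        }
-
-        if (gnutls_protocol_set_priority(vs->tls.session, protocol_priority) < 0) {
+        if (vnc_set_gnutls_priority(vs->tls.session, needX509Creds) < 0) {
             gnutls_deinit(vs->tls.session);
             vs->tls.session = NULL;
             vnc_client_error(vs);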
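Review bot: The two preprocessor branches of `vnc_set_gnutls_priority` do not configure the same TLS policy, and neither documents that `x509 == 0` selects anonymous Diffie-Hellman, which encrypts the session but does not authenticate the peer. In the gnutls >= 2.2.0 branch, `"NORMAL:+ANON-DH"` appends ANON-DH to the library's NORMAL set instead of restricting key exchange to it as `kx_anon` did, and `"NORMAL"` leaves protocol and key-exchange selection to the installed gnutls rather than to the explicit lists; whether that changes what is negotiated depends on the credentials set elsewhere in `vnc_tls_client_setup`, which is not visible here. The fallback branch still offers `GNUTLS_SSL3`; I would drop it from `protocols` (`GNUTLS_TLS1_1, GNUTLS_TLS1_0, 0`). Above both definitions I would add a comment such as `/* x509 == 0 enables anonymous DH: encrypted, but the peer is not authenticated */`. The helper also discards `rc`, so a rejected priority string looks like any other setup failure to the caller; a `VNC_DEBUG` line carrying `gnutls_strerror(rc)` before each `return -1` would make misconfiguration diagnosable.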
-- 
1.7.11.2