1From 7136a908a056d0e36c89b6e1c39adff8ce2bb1d4 Mon Sep 17 00:00:00 2001
2From: Andre McCurdy <armccurdy@gmail.com>
3Date: Wed, 1 Nov 2017 13:17:34 -0700
4Subject: [PATCH] avoid obsolete gnutls apis
5
6The gnutls_*_set_priority() family of functions was marked deprecated
7in gnutls 2.12.x and removed completely in 3.5.x. These functions
8have been superceded by gnutls_priority_set_direct(), which was added
9in gnutls 2.2.0 (released 2007-12-14).
10
11Rather than simply update the custom gnutls_*_set_priority() calls to
12use gnutls_priority_set_direct(), drop the custom priority selection
13completely and use the recommended approach of letting gnutls pick a
14reasonable set of defaults.
15
16Upstream-Status: Pending
17
18Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
19---
20 src/tls-gnutls.c | 12 ++----------
21 1 file changed, 2 insertions(+), 10 deletions(-)
22
23diff --git a/src/tls-gnutls.c b/src/tls-gnutls.c
24index d7b7c91..749e9ef 100644
25--- a/src/tls-gnutls.c
26+++ b/src/tls-gnutls.c
27@@ -48,11 +48,6 @@ tls_pull (struct ikstls_data *data, char *buffer, size_t len)
28 static int
29 tls_handshake (struct ikstls_data **datap, ikstransport *trans, void *sock)
30 {
31- const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
32- const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
33- const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
34- const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
35- const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
36 struct ikstls_data *data;
37 int ret;
38
39@@ -81,11 +76,8 @@ tls_handshake (struct ikstls_data **datap, ikstransport *trans, void *sock)
40 return IKS_NOMEM;
41 }
42
43- gnutls_protocol_set_priority (data->sess, protocol_priority);
44- gnutls_cipher_set_priority(data->sess, cipher_priority);
45- gnutls_compression_set_priority(data->sess, comp_priority);
46- gnutls_kx_set_priority(data->sess, kx_priority);
47- gnutls_mac_set_priority(data->sess, mac_priority);
48+ gnutls_set_default_priority (data->sess);
49+
50 gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred);
51
52 gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push);
53--
541.9.1
55
56
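Review bot: The result of the added `gnutls_set_default_priority (data->sess);` call is discarded, so if the priority set cannot be applied the function carries on to `gnutls_credentials_set` and the handshake with the session in an unknown configuration. Guard it with `if (gnutls_set_default_priority (data->sess) != GNUTLS_E_SUCCESS)` and take the same release-and-return path as the failure branch just above, whose body starts outside the hunk. A one-line comment at the call would also help the next maintainer, for example `/* Library defaults; the old fixed list allowed SSL3, 3DES, ARCFOUR and MD5. */`. Peers that can only negotiate those older algorithms will presumably fail the handshake after this change, which is worth stating in the commit message; the rest of tls_handshake is not visible here.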