From: Stefan Weil <weil@mail.berlios.de>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 3/3] vns/tls: don't use depricated gnutls functions
Date: Wed, 07 Sep 2011 17:11:06 +0200
Message-ID: <4E67898A.8060502@mail.berlios.de>
In-Reply-To: <1315400537-25487-4-git-send-email-kraxel@redhat.com>
See inline comments below.
On 07.09.2011 15:02, Gerd Hoffmann wrote:
> Avoid using depricated gnutls functions with recent gnutls versions.
deprecated?
> Fixes build failure on Fedora 16. Keep the old way for compatibility
> with old installations such as RHEL-5 (gnutls 1.4.x).
>
> Based on a patch from Raghavendra D Prabhu <raghu.prabhu13@gmail.com>
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
> ui/vnc-tls.c | 62
> ++++++++++++++++++++++++++++++++++++++++-----------------
> 1 files changed, 43 insertions(+), 19 deletions(-)
>
> diff --git a/ui/vnc-tls.c b/ui/vnc-tls.c
> index 2e2456e..276e127 100644
> --- a/ui/vnc-tls.c
> +++ b/ui/vnc-tls.c
> @@ -283,13 +283,51 @@ int vnc_tls_validate_certificate(struct VncState
> *vs)
> return 0;
> }
>
> +#if defined(GNUTLS_VERSION_NUMBER) && \
> + GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */
> +
> +static int vnc_set_gnutls_priority(struct VncState *vs, int
> needX509Creds)
Replace the first argument by gnutls_session_t /session/.
This simplifies the code.
> +{
> + const char *priority = needX509Creds ? "NORMAL" : "NORMAL:+ANON-DH";
> +
> + if (gnutls_priority_set_direct(vs->tls.session, priority, NULL) < 0) {
Even if this works, testing for != GNUTLS_E_SUCCESS would be
better because GNUTLS_E_SUCCESS is the return value for success
according to the manual.
The same applies to the other function calls below as well.
> + return -1;
> + }
> + return 0;
> +}
> +
> +#else
> +
> +static int vnc_set_gnutls_priority(struct VncState *vs, int x509)
Replace the first argument by gnutls_session_t /session/.
> +{
> + static const int cert_types[] = { GNUTLS_CRT_X509, 0 };
> + static const int protocols[] = {
> + GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
> + };
> + static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 };
> + static const int kx_x509[] = {
> + GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
> + GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0
> + };
> +
> + if (gnutls_kx_set_priority(vs->tls.session, x509 ? kx_x509 :
> kx_anon) < 0) {
> + return -1;
> + }
> +
> + if (gnutls_certificate_type_set_priority(vs->tls.session,
> cert_types) < 0) {
> + return -1;
> + }
> +
> + if (gnutls_protocol_set_priority(vs->tls.session, protocols) < 0) {
> + return -1;
> + }
> + return 0;
> +}
> +
> +#endif
>
> int vnc_tls_client_setup(struct VncState *vs,
> int needX509Creds) {
> - static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
> - static const int protocol_priority[]= { GNUTLS_TLS1_1,
> GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
> - static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
> - static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
> GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
>
> VNC_DEBUG("Do TLS setup\n");
> if (vnc_tls_initialize() < 0) {
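Review bot: In the `#if` branch, the priority string "NORMAL:+ANON-DH" adds anonymous DH on top of the NORMAL set, whereas the `#else` branch's kx_anon list permits only GNUTLS_KX_ANON_DH, and "NORMAL" leaves protocol versions and key exchanges to the library's defaults instead of the explicit protocols[] and kx_x509[] lists. The two build variants can therefore negotiate different parameters for the same needX509Creds value; if that is intended, a comment above the string or a line in the commit message should say so. The second parameter is also named needX509Creds in one definition and x509 in the other; using one name in both would make the pair easier to compare.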
> @@ -310,21 +348,7 @@ int vnc_tls_client_setup(struct VncState *vs,
> return -1;
> }
>
> - if (gnutls_kx_set_priority(vs->tls.session, needX509Creds ? kx_x509
> : kx_anon) < 0) {
> - gnutls_deinit(vs->tls.session);
> - vs->tls.session = NULL;
> - vnc_client_error(vs);
> - return -1;
> - }
> -
> - if (gnutls_certificate_type_set_priority(vs->tls.session,
> cert_type_priority) < 0) {
> - gnutls_deinit(vs->tls.session);
> - vs->tls.session = NULL;
> - vnc_client_error(vs);
> - return -1;
> - }
> -
> - if (gnutls_protocol_set_priority(vs->tls.session, protocol_priority)
> < 0) {
> + if (vnc_set_gnutls_priority(vs, needX509Creds) < 0) {
Use vs->tls.session as first argument.
> gnutls_deinit(vs->tls.session);
> vs->tls.session = NULL;
> vnc_client_error(vs);
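Review bot: At the new `vnc_set_gnutls_priority(vs, needX509Creds) < 0` check, the helper has already reduced every gnutls return value to -1, so this error path cannot tell which priority setting was rejected or why. Consider a VNC_DEBUG message before the gnutls_deinit() cleanup, in the same way the function already logs "Do TLS setup", ideally with the gnutls error code passed up from the helper instead of a bare -1.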