From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <51b5cbebc488fc126339651120e923934fe29928.1309816302.git.rprabhu@wnohang.net>
References: <51b5cbebc488fc126339651120e923934fe29928.1309816302.git.rprabhu@wnohang.net>
Date: Thu, 25 Aug 2011 11:54:41 +0100
From: Stefan Hajnoczi
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH 1/3] Avoid the use of deprecated gnutls gnutls_*_set_priority functions.
To: "Daniel P. Berrange"
Cc: Raghavendra D Prabhu, qemu-devel@nongnu.org, kvm@vger.kernel.org, Raghavendra D Prabhu

On Mon, Jul 4, 2011 at 11:00 PM, Raghavendra D Prabhu wrote:
> The gnutls_*_set_priority family of functions has been marked deprecated
> in 2.12.x. These functions have been superseded by
> gnutls_priority_set_direct().
>
> Signed-off-by: Raghavendra D Prabhu
> --- > =A0ui/vnc-tls.c | =A0 20 +------------------- > =A01 files changed, 1 insertions(+), 19 deletions(-) > > diff --git a/ui/vnc-tls.c b/ui/vnc-tls.c > index dec626c..33a5d8c 100644 > --- a/ui/vnc-tls.c > +++ b/ui/vnc-tls.c
> @@ -286,10 +286,6 @@ int vnc_tls_validate_certificate(struct VncState *vs= ) > > =A0int vnc_tls_client_setup(struct VncState *vs, > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0int needX509Creds) { > - =A0 =A0static const int cert_type_priority[] =3D { GNUTLS_CRT_X509, 0 }= ; > - =A0 =A0static const int protocol_priority[]=3D { GNUTLS_TLS1_1, GNUTLS_= TLS1_0, GNUTLS_SSL3, 0 }; > - =A0 =A0static const int kx_anon[] =3D {GNUTLS_KX_ANON_DH, 0}; > - =A0 =A0static const int kx_x509[] =3D {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA= , GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; > > =A0 =A0 VNC_DEBUG("Do TLS setup\n"); > =A0 =A0 if (vnc_tls_initialize() < 0) { > @@ -310,21 +306,7 @@ int vnc_tls_client_setup(struct VncState *vs, > =A0 =A0 =A0 =A0 =A0 =A0 return -1; > =A0 =A0 =A0 =A0 } > > - =A0 =A0 =A0 =A0if (gnutls_kx_set_priority(vs->tls.session, needX509Cred= s ? kx_x509 : kx_anon) < 0) { > - =A0 =A0 =A0 =A0 =A0 =A0gnutls_deinit(vs->tls.session); > - =A0 =A0 =A0 =A0 =A0 =A0vs->tls.session =3D NULL; > - =A0 =A0 =A0 =A0 =A0 =A0vnc_client_error(vs); > - =A0 =A0 =A0 =A0 =A0 =A0return -1; > - =A0 =A0 =A0 =A0} > - > - =A0 =A0 =A0 =A0if (gnutls_certificate_type_set_priority(vs->tls.session= , cert_type_priority) < 0) { > - =A0 =A0 =A0 =A0 =A0 =A0gnutls_deinit(vs->tls.session); > - =A0 =A0 =A0 =A0 =A0 =A0vs->tls.session =3D NULL; > - =A0 =A0 =A0 =A0 =A0 =A0vnc_client_error(vs); > - =A0 =A0 =A0 =A0 =A0 =A0return -1; > - =A0 =A0 =A0 =A0} > - > - =A0 =A0 =A0 =A0if (gnutls_protocol_set_priority(vs->tls.session, protoc= ol_priority) < 0) { > + =A0 =A0 =A0 =A0if (gnutls_priority_set_direct(vs->tls.session, needX509= Creds ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) { > =A0 =A0 =A0 =A0 =A0 =A0 gnutls_deinit(vs->tls.session); > =A0 =A0 =A0 =A0 =A0 =A0 vs->tls.session =3D NULL; > =A0 =A0 =A0 =A0 =A0 =A0 vnc_client_error(vs); > -- > 1.7.6 Daniel, This patch looks good to me but I don't know much about gnutls or crypto in general. Would you be willing to review this? Thanks, Stefan
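Review bot: In the second hunk, the replacement call passes "NORMAL:+ANON-DH" when needX509Creds is 0, which adds anonymous DH on top of the default key-exchange set, whereas the removed kx_anon list allowed GNUTLS_KX_ANON_DH only. The explicit protocol_priority, cert_type_priority and kx_x509 lists deleted in the first hunk are likewise replaced by whatever "NORMAL" resolves to in the linked gnutls, so the effective protocol and key-exchange set is no longer pinned by this file. The commit message should state that this change in the negotiated set is intended, or the priority strings should be written out to reproduce the old lists. The call also passes NULL as the error-position argument, so a rejected priority string fails the client with no indication of which token was refused; consider capturing the position and reporting it through VNC_DEBUG before the existing gnutls_deinit() cleanup.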