1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
From 9d9b38b434b9d2e4b3bddd618cea944dfb960966 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Mon, 13 Apr 2015 22:03:14 +0300
Subject: [PATCH] s4:lib/tls: use gnutls_priority_set_direct()
gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0.
---
source4/lib/tls/tls.c | 4 +---
source4/lib/tls/tls_tstream.c | 9 +--------
2 files changed, 2 insertions(+), 11 deletions(-)
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index b9182ad..2bcbb80 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -572,7 +572,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
{
struct tls_context *tls;
int ret = 0;
- const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
struct socket_context *new_sock;
NTSTATUS nt_status;
@@ -597,8 +596,7 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
gnutls_certificate_allocate_credentials(&tls->xcred);
gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
- TLSCHECK(gnutls_set_default_priority(tls->session));
- gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
+ TLSCHECK(gnutls_priority_set_direct(tls->session, "NORMAL:+CTYPE-OPENPGP", NULL));
TLSCHECK(gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->xcred));
talloc_set_destructor(tls, tls_destructor);
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index f19f5c5..ff0e881 100644
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -967,11 +967,6 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
#if ENABLE_GNUTLS
struct tstream_tls *tlss;
int ret;
- static const int cert_type_priority[] = {
- GNUTLS_CRT_X509,
- GNUTLS_CRT_OPENPGP,
- 0
- };
#endif /* ENABLE_GNUTLS */
req = tevent_req_create(mem_ctx, &state,
@@ -1007,15 +1002,13 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- ret = gnutls_set_default_priority(tlss->tls_session);
+ ret = gnutls_priority_set_direct(tlss->tls_session, "NORMAL:+CTYPE-OPENPGP", NULL);
if (ret != GNUTLS_E_SUCCESS) {
DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
tevent_req_error(req, EINVAL);
return tevent_req_post(req, ev);
}
- gnutls_certificate_type_set_priority(tlss->tls_session, cert_type_priority);
-
ret = gnutls_credentials_set(tlss->tls_session,
GNUTLS_CRD_CERTIFICATE,
tls_params->x509_cred);
--
2.3.5
|
