Tree - rpms/tigervnc - src.fedoraproject.org

rpms / tigervnc

Overview Files Commits Branches Forks Releases
Monitoring status:

Bugzilla Assignee:

Fedora:: jgrulich
EPEL:: jgrulich
Files

Commit: c38da640b0e418345d5096f48b137c9a3e3b1acf
Blob Blame History Raw
Patch by Nikos Mavrogiannopoulos <nmavrogi@redhat.com>

gnutls 3.4.0 drops gnutls_kx_set_priority which is used by tigervnc. The
attached patch fixes this issue and allows tigervnc to compile with new gnutls
versions.

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 222748c..f7e9dfd 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -202,13 +202,12 @@ bool CSecurityTLS::processMsg(CConnection* cc)
 
 void CSecurityTLS::setParam()
 {
-  static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 };
-  static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
-				     GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
+  int ret;
 
   if (anon) {
-    if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS)
-      throw AuthFailureException("gnutls_kx_set_priority failed");
+    ret = gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
+    if (ret < 0)
+      throw AuthFailureException("gnutls_priority_set_direct failed");
 
     if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_anon_allocate_client_credentials failed");
@@ -218,8 +217,9 @@ void CSecurityTLS::setParam()
 
     vlog.debug("Anonymous session has been set");
   } else {
-    if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS)
-      throw AuthFailureException("gnutls_kx_set_priority failed");
+    ret = gnutls_set_default_priority(session);
+    if (ret < 0)
+      throw AuthFailureException("gnutls_set_default_priority failed");
 
     if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index d4e88d7..7ac4652 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -166,13 +166,17 @@ bool SSecurityTLS::processMsg(SConnection *sc)
 
 void SSecurityTLS::setParams(gnutls_session session)
 {
-  static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 };
-  static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
-				     GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
+  int ret;
 
-  if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority)
-      != GNUTLS_E_SUCCESS)
-    throw AuthFailureException("gnutls_kx_set_priority failed");
+  if (anon) {
+    ret = gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
+    if (ret < 0)
+      throw AuthFailureException("gnutls_priority_set_direct failed");
+  } else {
+    ret = gnutls_set_default_priority(session);
+    if (ret < 0)
+      throw AuthFailureException("gnutls_set_default_priority failed");
+  }
 
   if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
     throw AuthFailureException("gnutls_dh_params_init failed");
rpms / tigervnc

Source Code

Files
