better description for 624058-gnutls-deprecated-set-priority.patch
1 Replace the deprecated gnutls_protocol_set_priority() with
2 gnutls_priority_set_direct()
3
4 Reported on http://bugs.debian.org/624058
5
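--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -238,8 +238,6 @@
   gnutls_x509_crt_deinit (clientcrt);
 }
 
-static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
-
 /* tls_negotiate: After TLS state has been initialised, attempt to negotiate
  *   TLS over the wire, including certificate checks. */
 static int tls_negotiate (CONNECTION * conn)
@@ -247,6 +245,18 @@
   tlssockdata *data;
   int err;
 
+#if GNUTLS_VERSION_MAJOR >= 2 && GNUTLS_VERSION_MINOR >= 12
+  char *force_sslv3_str = "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0";
+  char *force_tls_str = "NORMAL:-VERS-SSL3.0:+VERS-TLS-ALL";
+#else
+  char *force_sslv3_str =
+        "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0";
+  char *force_tls_str = "NORMAL:-VERS-SSL3.0:+VERS-TLS-1.2:+VERS-TLS1.1:+VERS-TLS1.0";
+#endif
+  char *priority_str = "NORMAL";
+  const char *error_pos;
+  int error_code;
+
   data = (tlssockdata *) safe_calloc (1, sizeof (tlssockdata));
   conn->sockdata = data;
   err = gnutls_certificate_allocate_credentials (&data->xcred);
@@ -294,13 +304,11 @@
   }
   else if (!option(OPTTLSV1))
   {
-    protocol_priority[0] = GNUTLS_SSL3;
-    protocol_priority[1] = 0;
+    priority_str = force_sslv3_str;
   }
   else if (!option(OPTSSLV3))
   {
-    protocol_priority[0] = GNUTLS_TLS1;
-    protocol_priority[1] = 0;
+    priority_str = force_tls_str;
   }
   /*
   else
@@ -309,8 +317,21 @@
 
   /* We use default priorities (see gnutls documentation),
      except for protocol version */
-  gnutls_set_default_priority (data->state);
-  gnutls_protocol_set_priority (data->state, protocol_priority);
+  error_pos = NULL;
+  if ( (error_code = gnutls_priority_set_direct (data->state, priority_str,
+                   &error_pos)) != 0 )
+  {
+    if ( error_pos )
+    {
+      mutt_error("gnutls_priority_set_direct(%s) pos %s", priority_str, error_pos);
+    }
+    else
+    {
+      mutt_error("gnutls_priority_set_direct(%s)", priority_str);
+    }
+    mutt_sleep(2);
+    goto fail;
+  }
 
   if (SslDHPrimeBits > 0)
   {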
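Review bot: The version guard added at the top of `tls_negotiate` tests major and minor independently, so a GnuTLS 3.x release with a minor below 12 fails `GNUTLS_VERSION_MINOR >= 12` and takes the `#else` strings; `#if GNUTLS_VERSION_NUMBER >= 0x020c00` compares the whole version instead. In that `#else` branch `force_tls_str` spells the keyword `+VERS-TLS-1.2`, while the line above it uses `VERS-TLS1.2`; GnuTLS would most likely reject the string, so every connection made with SSLv3 disabled would end at `goto fail`, and the line should read `"NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0"`. The failure path also assigns `error_code` but never reports it; passing `gnutls_strerror (error_code)` to both `mutt_error` calls would tell the user why the priority string was refused. The body of `tls_negotiate` continues outside the hunks shown, so the `fail` label and its cleanup are not visible here.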