debian/patches/upstream/624058-gnutls-deprecated-set-priority.patch

   1 Replace the deprecated gnutls_protocol_set_priority() with
   2 gnutls_priority_set_direct()
   3
   4 Reported on http://bugs.debian.org/624058
   5 Report upstream on http://bugs.mutt.org/3515
   6
   7 --- a/mutt_ssl_gnutls.c
   8 +++ b/mutt_ssl_gnutls.c
   9 @@ -238,8 +238,6 @@
  10    gnutls_x509_crt_deinit (clientcrt);
  11  }
  12
  13 -static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
  14 -
  15  /* tls_negotiate: After TLS state has been initialised, attempt to negotiate
  16   *   TLS over the wire, including certificate checks. */
  17  static int tls_negotiate (CONNECTION * conn)
  18 @@ -247,6 +245,18 @@
  19    tlssockdata *data;
  20    int err;
  21
  22 +#if GNUTLS_VERSION_MAJOR >= 2 && GNUTLS_VERSION_MINOR >= 12
  23 +  char *force_sslv3_str = "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0";
  24 +  char *force_tls_str = "NORMAL:-VERS-SSL3.0:+VERS-TLS-ALL";
  25 +#else
  26 +  char *force_sslv3_str =
  27 +        "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0";
  28 +  char *force_tls_str = "NORMAL:-VERS-SSL3.0:+VERS-TLS-1.2:+VERS-TLS1.1:+VERS-TLS1.0";
  29 +#endif
  30 +  char *priority_str = "NORMAL";
  31 +  const char *error_pos;
  32 +  int error_code;
  33 +
  34    data = (tlssockdata *) safe_calloc (1, sizeof (tlssockdata));
  35    conn->sockdata = data;
  36    err = gnutls_certificate_allocate_credentials (&data->xcred);
  37 @@ -294,13 +304,11 @@
  38    }
  39    else if (!option(OPTTLSV1))
  40    {
  41 -    protocol_priority[0] = GNUTLS_SSL3;
  42 -    protocol_priority[1] = 0;
  43 +    priority_str = force_sslv3_str;
  44    }
  45    else if (!option(OPTSSLV3))
  46    {
  47 -    protocol_priority[0] = GNUTLS_TLS1;
  48 -    protocol_priority[1] = 0;
  49 +    priority_str = force_tls_str;
  50    }
  51    /*
  52    else
  53 @@ -309,8 +317,21 @@
  54
  55    /* We use default priorities (see gnutls documentation),
  56       except for protocol version */
  57 -  gnutls_set_default_priority (data->state);
  58 -  gnutls_protocol_set_priority (data->state, protocol_priority);
  59 +  error_pos = NULL;
  60 +  if ( (error_code = gnutls_priority_set_direct (data->state, priority_str,
  61 +                   &error_pos)) != 0 )
  62 +  {
  63 +    if ( error_pos )
  64 +    {
  65 +      mutt_error("gnutls_priority_set_direct(%s) pos %s", priority_str, error_pos);
  66 +    }
  67 +    else
  68 +    {
  69 +      mutt_error("gnutls_priority_set_direct(%s)", priority_str);
  70 +    }
  71 +    mutt_sleep(2);
  72 +    goto fail;
  73 +  }
  74
  75    if (SslDHPrimeBits > 0)
  76    {