|
 |
85b690b |
Patch by Nikos Mavrogiannopoulos <nmavrogi@redhat.com>
|
|
|
85b690b |
|
|
|
85b690b |
gnutls 3.4.0 drops gnutls_kx_set_priority which is used by tigervnc. The
|
|
|
85b690b |
attached patch fixes this issue and allows tigervnc to compile with new gnutls
|
|
|
85b690b |
versions.
|
|
|
85b690b |
|
|
|
85b690b |
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
|
|
|
85b690b |
index 222748c..f7e9dfd 100644
|
|
|
85b690b |
--- a/common/rfb/CSecurityTLS.cxx
|
|
|
85b690b |
+++ b/common/rfb/CSecurityTLS.cxx
|
|
|
85b690b |
@@ -202,13 +202,12 @@ bool CSecurityTLS::processMsg(CConnection* cc)
|
|
|
85b690b |
|
|
|
85b690b |
void CSecurityTLS::setParam()
|
|
|
85b690b |
{
|
|
|
85b690b |
- static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 };
|
|
|
85b690b |
- static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
|
|
|
85b690b |
- GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
|
|
|
85b690b |
+ int ret;
|
|
|
85b690b |
|
|
|
85b690b |
if (anon) {
|
|
|
85b690b |
- if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS)
|
|
|
85b690b |
- throw AuthFailureException("gnutls_kx_set_priority failed");
|
|
|
85b690b |
+ ret = gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
|
|
|
85b690b |
+ if (ret < 0)
|
|
|
85b690b |
+ throw AuthFailureException("gnutls_priority_set_direct failed");
|
|
|
85b690b |
|
|
|
85b690b |
if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
|
|
|
85b690b |
throw AuthFailureException("gnutls_anon_allocate_client_credentials failed");
|
|
|
85b690b |
@@ -218,8 +217,9 @@ void CSecurityTLS::setParam()
|
|
|
85b690b |
|
|
|
85b690b |
vlog.debug("Anonymous session has been set");
|
|
|
85b690b |
} else {
|
|
|
85b690b |
- if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS)
|
|
|
85b690b |
- throw AuthFailureException("gnutls_kx_set_priority failed");
|
|
|
85b690b |
+ ret = gnutls_set_default_priority(session);
|
|
|
85b690b |
+ if (ret < 0)
|
|
|
85b690b |
+ throw AuthFailureException("gnutls_set_default_priority failed");
|
|
|
85b690b |
|
|
|
85b690b |
if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
|
|
|
85b690b |
throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
|
|
|
85b690b |
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
|
|
|
85b690b |
index d4e88d7..7ac4652 100644
|
|
|
85b690b |
--- a/common/rfb/SSecurityTLS.cxx
|
|
|
85b690b |
+++ b/common/rfb/SSecurityTLS.cxx
|
|
|
85b690b |
@@ -166,13 +166,17 @@ bool SSecurityTLS::processMsg(SConnection *sc)
|
|
|
85b690b |
|
|
|
85b690b |
void SSecurityTLS::setParams(gnutls_session session)
|
|
|
85b690b |
{
|
|
|
85b690b |
- static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 };
|
|
|
85b690b |
- static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
|
|
|
85b690b |
- GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
|
|
|
85b690b |
+ int ret;
|
|
|
85b690b |
|
|
|
85b690b |
- if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority)
|
|
|
85b690b |
- != GNUTLS_E_SUCCESS)
|
|
|
85b690b |
- throw AuthFailureException("gnutls_kx_set_priority failed");
|
|
|
85b690b |
+ if (anon) {
|
|
|
85b690b |
+ ret = gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
|
|
|
85b690b |
+ if (ret < 0)
|
|
|
85b690b |
+ throw AuthFailureException("gnutls_priority_set_direct failed");
|
|
|
85b690b |
+ } else {
|
|
|
85b690b |
+ ret = gnutls_set_default_priority(session);
|
|
|
85b690b |
+ if (ret < 0)
|
|
|
85b690b |
+ throw AuthFailureException("gnutls_set_default_priority failed");
|
|
|
85b690b |
+ }
|
|
|
85b690b |
|
|
|
85b690b |
if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
|
|
|
85b690b |
throw AuthFailureException("gnutls_dh_params_init failed");
|