1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
From: Alon Bar-Lev <alon.barlev@gmail.com>
Date: Sat, 4 Mar 2017 01:00:40 +0200
Subject: [PATCH] ssl: drop call of deprecated
gnutls_certificate_type_set_priority()
CTYPE-X.509 is the default value. Closes: #624077
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
---
src/clients/lib/libnuclient.c | 15 ++-------------
src/nufw/tls.c | 14 --------------
2 files changed, 2 insertions(+), 27 deletions(-)
diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
index 917e75a..6e78c96 100644
--- a/src/clients/lib/libnuclient.c
+++ b/src/clients/lib/libnuclient.c
@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
# define DH_BITS 1024
#endif
-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
-
-
void nu_exit_clean(nuauth_session_t * session)
{
if (session->ct) {
@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
return 1;
}
-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
+static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
{
printf("TLS error: server requests certificate, none configured\n");
return 0;
@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
return 0;
}
- gnutls_certificate_client_set_retrieve_function(session->cred,
+ gnutls_certificate_set_retrieve_function(session->cred,
&_cb_request_cert);
}
@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
return 0;
}
- ret =
- gnutls_certificate_type_set_priority(session->tls,
- cert_type_priority);
- if (ret < 0) {
- return 0;
- }
return 1;
}
@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
gnutls_deinit(session->tls);
gnutls_init(&session->tls, GNUTLS_CLIENT);
gnutls_set_default_priority(session->tls);
- gnutls_certificate_type_set_priority(session->tls,
- cert_type_priority);
session->need_set_cred = 1;
/* close socket */
diff --git a/src/nufw/tls.c b/src/nufw/tls.c
index e7223eb..2d46820 100644
--- a/src/nufw/tls.c
+++ b/src/nufw/tls.c
@@ -506,8 +506,6 @@ void tls_connect()
gnutls_session *tls_session;
int tls_socket, ret;
#if USE_X509
- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
-
tls.session = NULL;
/* compute patch key_file */
@@ -655,18 +653,6 @@ void tls_connect()
return;
}
#if USE_X509
- ret = gnutls_certificate_type_set_priority(*(tls_session),
- cert_type_priority);
- if (ret < 0) {
- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
- "TLS: gnutls_certificate_type_set_priority() failed: %s",
- gnutls_strerror(ret));
- gnutls_certificate_free_credentials(tls.xcred);
- gnutls_deinit(*tls_session);
- free(tls_session);
- return;
- }
-
/* put the x509 credentials to the current session */
ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
tls.xcred);
--
2.10.2
|