1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
--- libwzd-core/wzd_tls.c.orig 2007-10-25 17:25:33 UTC
+++ libwzd-core/wzd_tls.c
@@ -297,7 +297,7 @@ int tls_init(void)
return 1;
}
- SSL_CTX_set_client_CA_list(tls_ctx, (STACK *)ca_list);
+ SSL_CTX_set_client_CA_list(tls_ctx, ca_list);
}
SSL_CTX_set_session_cache_mode(tls_ctx, SSL_SESS_CACHE_CLIENT);
@@ -777,12 +777,11 @@ void * ssl_get_obj(wzd_context_t * context)
#include <stdlib.h>
#include <stdio.h>
+#include <string.h>
#include <gnutls/gnutls.h>
-#include <gcrypt.h>
#include <errno.h>
#include <pthread.h>
-GCRY_THREAD_OPTION_PTHREAD_IMPL;
#include <fcntl.h>
@@ -892,7 +891,6 @@ int tls_init(void)
/* The order matters.
*/
- gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
gnutls_global_init();
/** \todo TODO XXX move this code to global init ? */
@@ -946,19 +944,13 @@ int tls_exit(void)
static gnutls_session initialize_tls_session(gnutls_connection_end con_end)
{
- /* Allow connections to servers that have OpenPGP keys as well.
- */
- const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-
gnutls_session session;
gnutls_init(&session, con_end);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
+ /* Allow connections to servers that have OpenPGP keys as well.
*/
- gnutls_set_default_priority(session);
- gnutls_certificate_type_set_priority(session, cert_type_priority);
+ gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP", NULL);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
@@ -1001,27 +993,6 @@ int tls_auth (const char *type, wzd_context_t * contex
}
/** \todo XXX parse TLS cipher names */
- {
- /** Note that the priority is set on the client. The server does not use
- * the algorithm's priority except for disabling algorithms that were not
- * specified.
- */
- const int cipherPriority[] =
- {
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_40,
-#if ( (LIBGNUTLS_VERSION_MAJOR > 1) || (LIBGNUTLS_VERSION_MINOR >= 3) )
- GNUTLS_CIPHER_RC2_40_CBC,
- GNUTLS_CIPHER_DES_CBC,
-#endif
- 0
- };
-
- gnutls_cipher_set_priority(session, cipherPriority);
- }
/* ensure socket is non-blocking */
#if defined(_MSC_VER) || (defined(__CYGWIN__) && defined(WINSOCK_SUPPORT))
|
