upstream/624058-gnutls-deprecated.patch: deprecate gnutls_protocol_se…

…t_priority() (Closes: 624058)
commit 512ec4c0ef82aa299315b3939da857a651ee9d23 1 parent b2cc1a0
Antonio Radici authored
2  debian/changelog
@@ -18,6 +18,8 @@ mutt (1.5.21-5) unstable; urgency=low
* debian/patches/upstream:
+ 611412-bts-regexp.patch: fixes a regexp for BTS in the mutt manual
(Closes: 611412)
+ + 624058-gnutls-deprecated.patch: deprecate gnutls_protocol_set_priority()
+ (Closes: 624058)
* debian/extra/samples/sidebar.muttrc: documented the options that
the sidebar-{sorted,dotted} patches are introducing; documentation
submitted by Julien Valroff (Closes: 603186)
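--- a/debian/patches/upstream/624058-gnutls-deprecated.patch
+++ b/debian/patches/upstream/624058-gnutls-deprecated.patch
@@ -0,0 +1,73 @@
+Tentative fix to replace the deprecated gnutls_protocol_set_priority() with
+gnutls_priority_set_direct(), initially reported in http://bugs.debian.org/624058
+
+--- a/mutt_ssl_gnutls.c
++++ b/mutt_ssl_gnutls.c
+@@ -238,8 +238,6 @@
+ gnutls_x509_crt_deinit (clientcrt);
+ }
+
+-static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
+-
+ /* tls_negotiate: After TLS state has been initialised, attempt to negotiate
+ * TLS over the wire, including certificate checks. */
+ static int tls_negotiate (CONNECTION * conn)
+@@ -247,6 +245,18 @@
+ tlssockdata *data;
+ int err;
+
++#if GNUTLS_VERSION_MAJOR >= 2 && GNUTLS_VERSION_MINOR >= 12
++ const char *force_sslv3_str = "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0";
++ const char *force_tls_str = "NORMAL:-VERS-SSL3.0:+VERS-TLS-ALL";
++#else
++ const char *force_sslv3_str =
++ "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0";
++ const char *force_tls_str = "NORMAL:-VERS-SSL3.0:+VERS-TLS-1.2:+VERS-TLS1.1:+VERS-TLS1.0";
++#endif
++ char *priority_str = "NORMAL";
++ const char *error_pos;
++ int error_code;
++
+ data = (tlssockdata *) safe_calloc (1, sizeof (tlssockdata));
+ conn->sockdata = data;
+ err = gnutls_certificate_allocate_credentials (&data->xcred);
+@@ -294,13 +304,11 @@
+ }
+ else if (!option(OPTTLSV1))
+ {
+- protocol_priority[0] = GNUTLS_SSL3;
+- protocol_priority[1] = 0;
++ priority_str = force_sslv3_str;
+ }
+ else if (!option(OPTSSLV3))
+ {
+- protocol_priority[0] = GNUTLS_TLS1;
+- protocol_priority[1] = 0;
++ priority_str = force_tls_str;
+ }
+ /*
+ else
+@@ -309,7 +317,22 @@
+
+ /* We use default priorities (see gnutls documentation),
+ except for protocol version */
+- gnutls_set_default_priority (data->state);
++ error_pos = NULL;
++ if ( (error_code = gnutls_priority_set_direct (data->state, priority_str,
++ &error_pos)) != 0 )
++ {
++ if ( error_pos )
++ {
++ mutt_error("gnutls_priority_set_direct(%s) pos %s", priority_str, error_pos);
++ }
++ else
++ {
++ mutt_error("gnutls_priority_set_direct(%s)", priority_str);
++ }
++ mutt_sleep(2);
++ goto fail;
++ }
++
+ gnutls_protocol_set_priority (data->state, protocol_priority);
+
+ if (SslDHPrimeBits > 0)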
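Review bot: The embedded patch deletes the static `protocol_priority` array in its first hunk but leaves `gnutls_protocol_set_priority (data->state, protocol_priority);` as a context line directly after the new `gnutls_priority_set_direct()` block. Unless the array is declared somewhere outside the visible hunks the patched file will not compile, and if it does, the deprecated call is still made and may override the protocol versions just selected; the patch should remove that line. The guard `#if GNUTLS_VERSION_MAJOR >= 2 && GNUTLS_VERSION_MINOR >= 12` is false for a later major with a low minor (3.0, for example), so newer libraries get the fallback strings; `#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 12)` compares the version as a whole. In that fallback, `+VERS-TLS-1.2` is spelled differently from `-VERS-TLS1.2` two lines above and is presumably a typo for `+VERS-TLS1.2`, which would send the TLS-only configuration to `goto fail` rather than negotiating. `priority_str` should also be declared `const char *`, since it is only ever assigned string literals and the `const char *` strings above; the body of tls_negotiate starts and ends outside these hunks.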