Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:olh:xen-4.2
xen
qemu-xen-traditional.vnc.gnutls.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File qemu-xen-traditional.vnc.gnutls.patch of Package xen
From a245201e0b4ee004b00f1d010bc513994746338e Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann <kraxel@redhat.com> Date: Tue, 28 Apr 2015 11:12:18 +0200 Subject: vns/tls: don't use depricated gnutls functions Avoid using deprecated gnutls functions with recent gnutls versions. Fixes build failure on Fedora 16. Keep the old way for compatibility with old installations such as RHEL-5 (gnutls 1.4.x). Based on a patch from Raghavendra D Prabhu <raghu.prabhu13@gmail.com> Upstream commit f40d55081667a716312b9a8b6e13835c4074f56b Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Olaf Hering <olaf@aepfle.de> --- vnc.c | 65 +++++++++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 20 deletions(-) diff --git a/vnc.c b/vnc.c index 7629dfa..96f2fba 100644 --- a/vnc.c +++ b/vnc.c @@ -2135,13 +2135,52 @@ static void vnc_handshake_io(void *opaque) { (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \ (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN) +#if defined(GNUTLS_VERSION_NUMBER) && \ + GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */ +static int vnc_set_gnutls_priority(gnutls_session_t s, int x509) +{ + const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH"; + int rc; -static int vnc_start_tls(struct VncState *vs) { - static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; - static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; - static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0}; - static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; + rc = gnutls_priority_set_direct(s, priority, NULL); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + return 0; +} +#else +static int vnc_set_gnutls_priority(gnutls_session_t s, int x509) +{ + static const int cert_types[] = { GNUTLS_CRT_X509, 0 }; + static const int protocols[] = { + GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 + }; + static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 }; + static const int kx_x509[] = { + GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, + GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 + }; + int rc; + + rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + + rc = gnutls_certificate_type_set_priority(s, cert_types); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + rc = gnutls_protocol_set_priority(s, protocols); + if (rc != GNUTLS_E_SUCCESS) { + return -1; + } + return 0; +} +#endif + +static int vnc_start_tls(struct VncState *vs) { VNC_DEBUG("Do TLS setup\n"); if (vnc_tls_initialize() < 0) { VNC_DEBUG("Failed to init TLS\n"); @@ -2161,21 +2200,7 @@ static int vnc_start_tls(struct VncState *vs) { return -1; } - if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) { + if (vnc_set_gnutls_priority(vs->tls_session, !!NEED_X509_AUTH(vs)) < 0) { gnutls_deinit(vs->tls_session); vs->tls_session = NULL; vnc_client_error(vs); From fa8094c50a674053b63ebb1a1f64235266ec4933 Mon Sep 17 00:00:00 2001 From: Andre Przywara <andre.przywara@amd.com> Date: Tue, 28 Apr 2015 11:15:39 +0200 Subject: vnc-tls: Fix compilation with newer versions of GNU-TLS In my installation of GNU-TLS (v3.0.23) the type gnutls_anon_server_credentials is marked deprecated, so -Werror breaks compilation. Simply replacing it with the newer ..._t version fixed the compilation on my machine (Slackware 14.0). I cannot tell how far back this "new" type goes, at least the header file in RHEL 5.0 (v1.4.1) seems to have it already. If someone finds a broken distribution, tell me and I insert some compat code. Upstream commit 7d2a929feba319c18603e324b1750830d6c8b7a1 Signed-off-by: Andre Przywara <andre.przywara@amd.com> Message-id: 1350551818-14717-1-git-send-email-andre.przywara@amd.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Olaf Hering <olaf@aepfle.de> --- vnc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vnc.c b/vnc.c index 96f2fba..8ed8a26 100644 --- a/vnc.c +++ b/vnc.c @@ -1909,9 +1909,9 @@ static int vnc_tls_initialize(void) return 1; } -static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void) +static gnutls_anon_server_credentials_t vnc_tls_initialize_anon_cred(void) { - gnutls_anon_server_credentials anon_cred; + gnutls_anon_server_credentials_t anon_cred; int ret; if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) { @@ -2228,7 +2228,7 @@ static int vnc_start_tls(struct VncState *vs) { } } else { - gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred(); + gnutls_anon_server_credentials_t anon_cred = vnc_tls_initialize_anon_cred(); if (!anon_cred) { gnutls_deinit(vs->tls_session); vs->tls_session = NULL;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor