File qemu-xen-traditional.vnc.gnutls.patch of Package xen
From a245201e0b4ee004b00f1d010bc513994746338e Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 28 Apr 2015 11:12:18 +0200
Subject: vns/tls: don't use depricated gnutls functions
Avoid using deprecated gnutls functions with recent gnutls versions.
Fixes build failure on Fedora 16. Keep the old way for compatibility
with old installations such as RHEL-5 (gnutls 1.4.x).
Based on a patch from Raghavendra D Prabhu <raghu.prabhu13@gmail.com>
Upstream commit f40d55081667a716312b9a8b6e13835c4074f56b
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Olaf Hering <olaf@aepfle.de>
---
vnc.c | 65 +++++++++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 45 insertions(+), 20 deletions(-)
diff --git a/vnc.c b/vnc.c
index 7629dfa..96f2fba 100644
--- a/vnc.c
+++ b/vnc.c
@@ -2135,13 +2135,52 @@ static void vnc_handshake_io(void *opaque) {
(vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
(vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
+#if defined(GNUTLS_VERSION_NUMBER) && \
+ GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */
+static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
+{
+ const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH";
+ int rc;
-static int vnc_start_tls(struct VncState *vs) {
- static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
- static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
- static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
- static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
+ rc = gnutls_priority_set_direct(s, priority, NULL);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+ }
+ return 0;
+}
+#else
+static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
+{
+ static const int cert_types[] = { GNUTLS_CRT_X509, 0 };
+ static const int protocols[] = {
+ GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
+ };
+ static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 };
+ static const int kx_x509[] = {
+ GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
+ GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0
+ };
+ int rc;
+
+ rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+ }
+
+ rc = gnutls_certificate_type_set_priority(s, cert_types);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+ }
+ rc = gnutls_protocol_set_priority(s, protocols);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+ }
+ return 0;
+}
+#endif
+
+static int vnc_start_tls(struct VncState *vs) {
VNC_DEBUG("Do TLS setup\n");
if (vnc_tls_initialize() < 0) {
VNC_DEBUG("Failed to init TLS\n");
@@ -2161,21 +2200,7 @@ static int vnc_start_tls(struct VncState *vs) {
return -1;
}
- if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
- gnutls_deinit(vs->tls_session);
- vs->tls_session = NULL;
- vnc_client_error(vs);
- return -1;
- }
-
- if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
- gnutls_deinit(vs->tls_session);
- vs->tls_session = NULL;
- vnc_client_error(vs);
- return -1;
- }
-
- if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
+ if (vnc_set_gnutls_priority(vs->tls_session, !!NEED_X509_AUTH(vs)) < 0) {
gnutls_deinit(vs->tls_session);
vs->tls_session = NULL;
vnc_client_error(vs);
From fa8094c50a674053b63ebb1a1f64235266ec4933 Mon Sep 17 00:00:00 2001
From: Andre Przywara <andre.przywara@amd.com>
Date: Tue, 28 Apr 2015 11:15:39 +0200
Subject: vnc-tls: Fix compilation with newer versions of GNU-TLS
In my installation of GNU-TLS (v3.0.23) the type
gnutls_anon_server_credentials is marked deprecated, so -Werror
breaks compilation.
Simply replacing it with the newer ..._t version fixed the compilation
on my machine (Slackware 14.0). I cannot tell how far back this "new"
type goes, at least the header file in RHEL 5.0 (v1.4.1) seems to have
it already. If someone finds a broken distribution, tell me and I
insert some compat code.
Upstream commit 7d2a929feba319c18603e324b1750830d6c8b7a1
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Message-id: 1350551818-14717-1-git-send-email-andre.przywara@amd.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Olaf Hering <olaf@aepfle.de>
---
vnc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/vnc.c b/vnc.c
index 96f2fba..8ed8a26 100644
--- a/vnc.c
+++ b/vnc.c
@@ -1909,9 +1909,9 @@ static int vnc_tls_initialize(void)
return 1;
}
-static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
+static gnutls_anon_server_credentials_t vnc_tls_initialize_anon_cred(void)
{
- gnutls_anon_server_credentials anon_cred;
+ gnutls_anon_server_credentials_t anon_cred;
int ret;
if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
@@ -2228,7 +2228,7 @@ static int vnc_start_tls(struct VncState *vs) {
}
} else {
- gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
+ gnutls_anon_server_credentials_t anon_cred = vnc_tls_initialize_anon_cred();
if (!anon_cred) {
gnutls_deinit(vs->tls_session);
vs->tls_session = NULL;
