--- /dev/null
+--- eet-1.7.10/src/lib/eet_cipher.c.orig 2013-07-29 16:22:39.000000000 +0200
++++ eet-1.7.10/src/lib/eet_cipher.c 2018-09-19 10:34:46.452526279 +0200
+@@ -56,9 +56,7 @@ void *alloca(size_t);
+
+ #ifdef HAVE_CIPHER
+ # ifdef HAVE_GNUTLS
+-# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
+-# include <gnutls/abstract.h>
+-# endif
++# include <gnutls/abstract.h>
+ # include <gnutls/x509.h>
+ # include <gcrypt.h>
+ # else /* ifdef HAVE_GNUTLS */
+@@ -500,10 +498,8 @@ eet_identity_sign(FILE *fp,
+ gnutls_datum_t datum = { NULL, 0 };
+ size_t sign_len = 0;
+ size_t cert_len = 0;
+-#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
+ gnutls_datum_t signum = { NULL, 0 };
+ gnutls_privkey_t privkey;
+-#endif
+ # else /* ifdef HAVE_GNUTLS */
+ EVP_MD_CTX md_ctx;
+ unsigned int sign_len = 0;
+@@ -535,7 +531,6 @@ eet_identity_sign(FILE *fp,
+ datum.size = st_buf.st_size;
+
+ /* Get the signature length */
+-#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
+ if (gnutls_privkey_init(&privkey) < 0)
+ {
+ err = EET_ERROR_SIGNATURE_FAILED;
+@@ -556,30 +551,6 @@ eet_identity_sign(FILE *fp,
+
+ sign = signum.data;
+ sign_len = signum.size;
+-#else
+- if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
+- &datum, sign, &sign_len) &&
+- !sign_len)
+- {
+- err = EET_ERROR_SIGNATURE_FAILED;
+- goto on_error;
+- }
+-
+- /* Get the signature */
+- sign = malloc(sign_len);
+- if (!sign ||
+- gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
+- &datum,
+- sign, &sign_len))
+- {
+- if (!sign)
+- err = EET_ERROR_OUT_OF_MEMORY;
+- else
+- err = EET_ERROR_SIGNATURE_FAILED;
+-
+- goto on_error;
+- }
+-#endif
+
+ /* Get the certificate length */
+ if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
+@@ -729,15 +700,11 @@ eet_identity_check(const void *data_ba
+ gnutls_x509_crt_t cert;
+ gnutls_datum_t datum;
+ gnutls_datum_t signature;
+-# if EET_USE_NEW_GNUTLS_API
+-# if EET_USE_NEW_PUBKEY_VERIFY_HASH
+ gnutls_pubkey_t pubkey;
+ gnutls_digest_algorithm_t hash_algo;
+-# endif
+ unsigned char *hash;
+ gcry_md_hd_t md;
+ int err;
+-# endif /* if EET_USE_NEW_GNUTLS_API */
+
+ /* Create an understanding certificate structure for gnutls */
+ datum.data = (void *)cert_der;
+@@ -749,7 +716,6 @@ eet_identity_check(const void *data_ba
+ signature.size = sign_len;
+
+ /* Verify the signature */
+-# if EET_USE_NEW_GNUTLS_API
+ /*
+ I am waiting for my patch being accepted in GnuTLS release.
+ But we now have a way to prevent double computation of SHA1.
+@@ -767,7 +733,6 @@ eet_identity_check(const void *data_ba
+ datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+ datum.data = hash;
+
+-# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
+ if (gnutls_pubkey_init(&pubkey) < 0)
+ goto on_error;
+
+@@ -779,10 +744,6 @@ eet_identity_check(const void *data_ba
+
+ if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
+ goto on_error;
+-# else
+- if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
+- goto on_error;
+-# endif
+
+ if (sha1)
+ {
+@@ -794,20 +755,6 @@ eet_identity_check(const void *data_ba
+ }
+
+ gcry_md_close(md);
+-# else /* if EET_USE_NEW_GNUTLS_API */
+- datum.data = (void *)data_base;
+- datum.size = data_length;
+-
+- if (!gnutls_x509_crt_verify_data(cert, 0, &datum, &signature))
+- return NULL;
+-
+- if (sha1)
+- {
+- *sha1 = NULL;
+- *sha1_length = -1;
+- }
+-
+-# endif /* if EET_USE_NEW_GNUTLS_API */
+ gnutls_x509_crt_deinit(cert);
+
+ # else /* ifdef HAVE_GNUTLS */
+@@ -861,11 +808,9 @@ eet_identity_check(const void *data_ba
+
+ return cert_der;
+ # ifdef HAVE_GNUTLS
+-# if EET_USE_NEW_GNUTLS_API
+ on_error:
+ gcry_md_close(md);
+ return NULL;
+-# endif
+ # endif
+ #else /* ifdef HAVE_SIGNATURE */
+ data_base = NULL;
+--- eet-1.7.10/src/lib/eet_cipher.c.org 2018-09-19 10:53:01.742816086 +0200
++++ eet-1.7.10/src/lib/eet_cipher.c 2018-09-19 10:54:10.794913636 +0200
+@@ -739,10 +739,7 @@ eet_identity_check(const void *data_ba
+ if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
+ goto on_error;
+
+- if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
+- goto on_error;
+-
+- if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
++ if (gnutls_pubkey_verify_hash2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0, &datum, &signature) < 0)
+ goto on_error;
+
+ if (sha1)