[packages/xen.git] / xen-gnutls-3.4.patch

--- ./tools/qemu-xen-traditional/vnc.c.orig
+++ ./tools/qemu-xen-traditional/vnc.c
@@ -2137,10 +2137,6 @@
 
 
 static int vnc_start_tls(struct VncState *vs) {
-    static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-    static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
-    static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
-    static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
 
     VNC_DEBUG("Do TLS setup\n");
     if (vnc_tls_initialize() < 0) {
@@ -2161,21 +2157,7 @@
 	    return -1;
 	}
 
-	if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
-	    gnutls_deinit(vs->tls_session);
-	    vs->tls_session = NULL;
-	    vnc_client_error(vs);
-	    return -1;
-	}
-
-	if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
-	    gnutls_deinit(vs->tls_session);
-	    vs->tls_session = NULL;
-	    vnc_client_error(vs);
-	    return -1;
-	}
-
-	if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
+	if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) {
 	    gnutls_deinit(vs->tls_session);
 	    vs->tls_session = NULL;
 	    vnc_client_error(vs);
Commit	Line	Data
364c88c5 JB	1	--- ./tools/qemu-xen-traditional/vnc.c.orig
	2	+++ ./tools/qemu-xen-traditional/vnc.c
	3	@@ -2137,10 +2137,6 @@
	4
	5
	6	static int vnc_start_tls(struct VncState *vs) {
	7	- static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
	8	- static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
	9	- static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
	10	- static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
	11
	12	VNC_DEBUG("Do TLS setup\n");
	13	if (vnc_tls_initialize() < 0) {
	14	@@ -2161,21 +2157,7 @@
	15	return -1;
	16	}
	17
	18	- if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
	19	- gnutls_deinit(vs->tls_session);
	20	- vs->tls_session = NULL;
	21	- vnc_client_error(vs);
	22	- return -1;
	23	- }
	24	-
	25	- if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
	26	- gnutls_deinit(vs->tls_session);
	27	- vs->tls_session = NULL;
	28	- vnc_client_error(vs);
	29	- return -1;
	30	- }
	31	-
	32	- if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
	33	+ if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) {
	34	gnutls_deinit(vs->tls_session);
	35	vs->tls_session = NULL;
	36	vnc_client_error(vs);