xen-gnutls-3.4.patch

   1 --- ./tools/qemu-xen-traditional/vnc.c.orig
   2 +++ ./tools/qemu-xen-traditional/vnc.c
   3 @@ -2137,10 +2137,6 @@
   4
   5
   6  static int vnc_start_tls(struct VncState *vs) {
   7 -    static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
   8 -    static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
   9 -    static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
  10 -    static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
  11
  12      VNC_DEBUG("Do TLS setup\n");
  13      if (vnc_tls_initialize() < 0) {
  14 @@ -2161,21 +2157,7 @@
  15             return -1;
  16         }
  17
  18 -       if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
  19 -           gnutls_deinit(vs->tls_session);
  20 -           vs->tls_session = NULL;
  21 -           vnc_client_error(vs);
  22 -           return -1;
  23 -       }
  24 -
  25 -       if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
  26 -           gnutls_deinit(vs->tls_session);
  27 -           vs->tls_session = NULL;
  28 -           vnc_client_error(vs);
  29 -           return -1;
  30 -       }
  31 -
  32 -       if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
  33 +       if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) {
  34             gnutls_deinit(vs->tls_session);
  35             vs->tls_session = NULL;
  36             vnc_client_error(vs);