1 From 61a319c224cda0bbd408514bdfdc533285739fec Mon Sep 17 00:00:00 2001
2 From: "Barak A. Pearlmutter" <barak+git@cs.nuim.ie>
3 Date: Fri, 17 Aug 2012 12:23:06 +0200
4 Subject: [PATCH 02/10] gnutls cleanup
6 Stop ignoring some gnutls return codes.
8 Rewrite call to depricated gnutls_set_default_priority() to use
9 gnutls_priority_set_direct() instead.
11 Remove call to deprecated routine
12 gnutls_certificate_type_set_priority, no changes necessary.
14 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
16 common/common.c | 27 +++++++++++++++++----------
17 1 file changed, 17 insertions(+), 10 deletions(-)
19 diff --git a/common/common.c b/common/common.c
20 index 488c145..d45e567 100755
23 @@ -271,8 +271,6 @@ TLSSOCKET sock_alloc(void);
24 TLSSOCKET sock_alloc(void)
27 - /* Allow connections to servers that have OpenPGP keys as well */
28 - const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
30 #endif /* AICCU_GNUTLS*/
32 @@ -289,7 +287,7 @@ TLSSOCKET sock_alloc(void)
34 /* Initialize TLS session */
35 ret = gnutls_init(&sock->session, GNUTLS_CLIENT);
37 + if (ret != GNUTLS_E_SUCCESS)
39 dolog(LOG_ERR, "TLS Init failed: %s (%d)\n", gnutls_strerror(ret), ret);
41 @@ -297,15 +295,24 @@ TLSSOCKET sock_alloc(void)
44 /* Use default priorities */
45 - gnutls_set_default_priority(sock->session);
46 - /* XXX: Return value is not documented in GNUTLS documentation! */
48 - gnutls_certificate_type_set_priority(sock->session, cert_type_priority);
49 - /* XXX: Return value is not documented in GNUTLS documentation! */
50 + ret = gnutls_priority_set_direct(sock->session, "NORMAL", NULL);
51 + if (ret != GNUTLS_E_SUCCESS)
53 + dolog(LOG_ERR, "TLS set default priority failed: %s (%d)\n", gnutls_strerror(ret), ret);
54 + gnutls_deinit(sock->session);
59 /* Configure the x509 credentials for the current session */
60 - gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
61 - /* XXX: Return value is not documented in GNUTLS documentation! */
62 + ret = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
63 + if (ret != GNUTLS_E_SUCCESS)
65 + dolog(LOG_ERR, "TLS credentials set failed: %s (%d)\n", gnutls_strerror(ret), ret);
66 + gnutls_deinit(sock->session);
71 #endif /* AICCU_GNUTLS*/