From 61a319c224cda0bbd408514bdfdc533285739fec Mon Sep 17 00:00:00 2001
From: "Barak A. Pearlmutter" <barak+git@cs.nuim.ie>
Date: Fri, 17 Aug 2012 12:23:06 +0200
Subject: [PATCH] gnutls cleanup

Stop ignoring some gnutls return codes.

Rewrite call to depricated gnutls_set_default_priority() to use
gnutls_priority_set_direct() instead.

Remove call to deprecated routine
gnutls_certificate_type_set_priority, no changes necessary.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 common/common.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/common/common.c b/common/common.c
index 488c145..d45e567 100755
--- a/common/common.c
+++ b/common/common.c
@@ -271,8 +271,6 @@ TLSSOCKET sock_alloc(void);
 TLSSOCKET sock_alloc(void)
 {
 #ifdef AICCU_GNUTLS
-	/* Allow connections to servers that have OpenPGP keys as well */
-	const int	cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
 	int		ret;
 #endif /* AICCU_GNUTLS*/
 
@@ -289,7 +287,7 @@ TLSSOCKET sock_alloc(void)
 
 	/* Initialize TLS session */
 	ret = gnutls_init(&sock->session, GNUTLS_CLIENT);
-	if (ret != 0)
+	if (ret != GNUTLS_E_SUCCESS)
 	{
 		dolog(LOG_ERR, "TLS Init failed: %s (%d)\n", gnutls_strerror(ret), ret);
 		free(sock);
@@ -297,15 +295,24 @@ TLSSOCKET sock_alloc(void)
 	}
 
 	/* Use default priorities */
-	gnutls_set_default_priority(sock->session);
-	/* XXX: Return value is not documented in GNUTLS documentation! */
-
-	gnutls_certificate_type_set_priority(sock->session, cert_type_priority);
-	/* XXX: Return value is not documented in GNUTLS documentation! */
+	ret = gnutls_priority_set_direct(sock->session, "NORMAL", NULL);
+	if (ret != GNUTLS_E_SUCCESS)
+	{
+		dolog(LOG_ERR, "TLS set default priority failed: %s (%d)\n", gnutls_strerror(ret), ret);
+		gnutls_deinit(sock->session);
+		free(sock);
+		return NULL;
+	}
 
 	/* Configure the x509 credentials for the current session */
-	gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
-	/* XXX: Return value is not documented in GNUTLS documentation! */
+	ret = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
+	if (ret != GNUTLS_E_SUCCESS)
+	{
+		dolog(LOG_ERR, "TLS credentials set failed: %s (%d)\n", gnutls_strerror(ret), ret);
+		gnutls_deinit(sock->session);
+		free(sock);
+		return NULL;
+	}
 
 #endif /* AICCU_GNUTLS*/
 
-- 
2.47.3