TLSSOCKET sock_alloc(void)
{
#ifdef AICCU_GNUTLS
- /* Allow connections to servers that have OpenPGP keys as well */
- const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
int ret;
#endif /* AICCU_GNUTLS*/
/* Initialize TLS session */
ret = gnutls_init(&sock->session, GNUTLS_CLIENT);
- if (ret != 0)
+ if (ret != GNUTLS_E_SUCCESS)
{
dolog(LOG_ERR, "TLS Init failed: %s (%d)\n", gnutls_strerror(ret), ret);
free(sock);
}
/* Use default priorities */
- gnutls_set_default_priority(sock->session);
- /* XXX: Return value is not documented in GNUTLS documentation! */
-
- gnutls_certificate_type_set_priority(sock->session, cert_type_priority);
- /* XXX: Return value is not documented in GNUTLS documentation! */
+ ret = gnutls_priority_set_direct(sock->session, "NORMAL", NULL);
+ if (ret != GNUTLS_E_SUCCESS)
+ {
+ dolog(LOG_ERR, "TLS set default priority failed: %s (%d)\n", gnutls_strerror(ret), ret);
+ gnutls_deinit(sock->session);
+ free(sock);
+ return NULL;
+ }
/* Configure the x509 credentials for the current session */
- gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
- /* XXX: Return value is not documented in GNUTLS documentation! */
+ ret = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
+ if (ret != GNUTLS_E_SUCCESS)
+ {
+ dolog(LOG_ERR, "TLS credentials set failed: %s (%d)\n", gnutls_strerror(ret), ret);
+ gnutls_deinit(sock->session);
+ free(sock);
+ return NULL;
+ }
#endif /* AICCU_GNUTLS*/
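Review bot: The `gnutls_init` failure branch, whose condition this patch changes to `if (ret != GNUTLS_E_SUCCESS)`, logs and calls `free(sock)` but shows no `return NULL;`, unlike the two new error branches below it. Unless that line was simply dropped from the displayed context, execution falls through to `gnutls_priority_set_direct(sock->session, ...)` on freed memory, so the branch should end with `free(sock);` followed by `return NULL;` (no `gnutls_deinit` there, since the session was never initialised). Separately, replacing the explicit certificate-type list with the "NORMAL" priority string most likely means OpenPGP server keys are no longer negotiated, so the comment would be more accurate as `/* Use default priorities (X.509 only; OpenPGP certificate type no longer requested) */`. The allocation of `sock` and the end of `sock_alloc` are outside the visible lines, so whether the peer certificate is verified after the handshake cannot be judged from here.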