CUPS did not work with older versions of GNU TLS (STR #4527)

- Add check for gnutls_priority_set_direct, use older gnutls_priority_set API
  if not found.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12269 a1ca3aef-8c08-0410-bb20-df032aa958be

diff --git a/CHANGES-2.0.txt b/CHANGES-2.0.txt
index 3099a990ea161583e13cb3b28862362f2c43bbc3..34da6f87260b1e6d6dea4298b97bdb30913860a8 100644 (file)
--- a/CHANGES-2.0.txt
+++ b/CHANGES-2.0.txt
@@ -7,6 +7,7 @@ CHANGES IN CUPS V2.0.2
          (<rdar://problem/14546232>)
        - The scheduler incorrectly cleared the MakeModel string in the
          printers.conf file after a restart (<rdar://problem/16827518>)
+       - CUPS did not work with older versions of GNU TLS (STR #4527)
 
 
 CHANGES IN CUPS V2.0.1

diff --git a/config-scripts/cups-ssl.m4 b/config-scripts/cups-ssl.m4
index a2ce831c0dff5ef26b2ba2c5e9642994aa06fea2..b27880bf549ba153933ebc17b71a6150fcb0eeea 100644 (file)
--- a/config-scripts/cups-ssl.m4
+++ b/config-scripts/cups-ssl.m4
@@ -82,6 +82,7 @@ if test x$enable_ssl != xno; then
            SAVELIBS="$LIBS"
            LIBS="$LIBS $SSLLIBS"
            AC_CHECK_FUNC(gnutls_transport_set_pull_timeout_function, AC_DEFINE(HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION))
+           AC_CHECK_FUNC(gnutls_priority_set_direct, AC_DEFINE(HAVE_GNUTLS_PRIORITY_SET_DIRECT))
            LIBS="$SAVELIBS"
        fi
     fi

diff --git a/config.h.in b/config.h.in
index 7163e641c15c6d89a69c85fd68eaf3ccfa9fb5aa..5c0a19e38ae5704e6bf8663deddce080d750723c 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -305,6 +305,13 @@
 #undef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION
 
 
+/*
+ * Do we have the gnutls_priority_set_direct function?
+ */
+
+#undef HAVE_GNUTLS_PRIORITY_SET_DIRECT
+
+
 /*
  * What Security framework headers do we have?
  */

diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 3d08abcacd08ed9c7aae2dc7d29941f0ea76a401..972dc2ef7d4c70c32529f383a07af8d80a54412c 100644 (file)
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1107,7 +1107,6 @@ _httpTLSStart(http_t *http)               /* I - Connection to server */
                keyfile[1024];          /* Private key file */
     int                have_creds = 0;         /* Have credentials? */
 
-
     if (http->fields[HTTP_FIELD_HOST][0])
     {
      /*
@@ -1197,6 +1196,7 @@ _httpTLSStart(http_t *http)               /* I - Connection to server */
     return (-1);
   }
 
+#ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT
   if (!tls_options)
     gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
   else if ((tls_options & _HTTP_TLS_ALLOW_SSL3) && (tls_options & _HTTP_TLS_ALLOW_RC4))
@@ -1206,6 +1206,22 @@ _httpTLSStart(http_t *http)              /* I - Connection to server */
   else
     gnutls_priority_set_direct(http->tls, "NORMAL:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
 
+#else
+  gnutls_priority_t priority;          /* Priority */
+
+  if (!tls_options)
+    gnutls_priority_init(&priority, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
+  else if ((tls_options & _HTTP_TLS_ALLOW_SSL3) && (tls_options & _HTTP_TLS_ALLOW_RC4))
+    gnutls_priority_init(&priority, "NORMAL", NULL);
+  else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+    gnutls_priority_init(&priority, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL", NULL);
+  else
+    gnutls_priority_init(&priority, "NORMAL:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
+
+  gnutls_priority_set(http->tls, priority);
+  gnutls_priority_deinit(priority);
+#endif /* HAVE_GNUTLS_PRIORITY_SET_DIRECT */
+
   gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr_t)http);
   gnutls_transport_set_pull_function(http->tls, http_gnutls_read);
 #ifdef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION

diff --git a/vcnet/config.h b/vcnet/config.h
index a1c9bac0eccd1d9aec3f38ed511e437c4d0148ff..37a419f343169bf2bc172047e53f6d4e3143e117 100644 (file)
--- a/vcnet/config.h
+++ b/vcnet/config.h
@@ -380,6 +380,13 @@ typedef unsigned long useconds_t;
 /* #undef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION */
 
 
+/*
+ * Do we have the gnutls_priority_set_direct function?
+ */
+
+/* #undef HAVE_GNUTLS_PRIORITY_SET_DIRECT */
+
+
 /*
  * What Security framework headers do we have?
  */

diff --git a/xcode/config.h b/xcode/config.h
index 58b9c9b463b6a41624f8f881b27cab5c8761e3a5..50ff18422140ba286a10898878f3d86bfcc78514 100644 (file)
--- a/xcode/config.h
+++ b/xcode/config.h
@@ -300,6 +300,20 @@
 #define HAVE_SSL 1
 
 
+/*
+ * Do we have the gnutls_transport_set_pull_timeout_function function?
+ */
+
+/* #undef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION */
+
+
+/*
+ * Do we have the gnutls_priority_set_direct function?
+ */
+
+/* #undef HAVE_GNUTLS_PRIORITY_SET_DIRECT */
+
+
 /*
  * What Security framework headers do we have?
  */