Use gnutls_priority_set_direct() instead of GNUTLS deprecated functions.

2011-06-26 08:19:11 +00:00 · 2011-06-26 08:19:11 +00:00 · 4365a126e3
commit 4365a126e3
parent a55c574436
2 changed files with 50 additions and 0 deletions
--- a/33
+++ b/33
@ -816,6 +816,7 @@ else:
 config_hpp.write('// -- TLS/SSL support\n')
 if env['with_tls'] == 'yes':
 	config_hpp.write('#define VMIME_HAVE_TLS_SUPPORT 1\n')
+	config_hpp.write('#define HAVE_GNUTLS_PRIORITY_FUNCS 1\n')
 else:
 	config_hpp.write('#define VMIME_HAVE_TLS_SUPPORT 0\n')

@ -1626,11 +1627,42 @@ if test "x$conf_tls" = "xyes"; then
 	else
 		AC_MSG_ERROR(can't find an usable version of GNU TLS library)
 	fi
+
+	# -- check for gnutls_priority_set_direct() function
+	if test "x$have_gnutls" = "xyes"; then
+		AC_MSG_CHECKING(for gnutls_priority_set_direct)
+
+		LIBS_save="$LIBS"
+		LIBS="$LIBS $LIBGNUTLS_LIBS"
+		CPPFLAGS_save="$CPPFLAGS"
+		CPPFLAGS="$CPPFLAGS $LIBGNUTLS_CFLAGS"
+
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <gnutls/gnutls.h>],
+		                                [gnutls_session s; gnutls_priority_set_direct(s, NULL, NULL);])],
+		               [have_gnutls_priority_funcs=yes],
+		               [have_gnutls_priority_funcs=no])
+
+		CPPFLAGS="$CPPFLAGS_save"
+		LIBS="$LIBS_save"
+
+		AC_MSG_RESULT([$have_gnutls_priority_funcs])
+
+		if test "x$have_gnutls_priority_funcs" = "xyes"; then
+			AM_CONDITIONAL(HAVE_GNUTLS_PRIORITY_FUNCS, true)
+			HAVE_GNUTLS_PRIORITY_FUNCS=1
+		else
+			AM_CONDITIONAL(HAVE_GNUTLS_PRIORITY_FUNCS, false)
+			HAVE_GNUTLS_PRIORITY_FUNCS=0
+		fi
+	fi
 else
 	AM_CONDITIONAL(VMIME_HAVE_TLS_SUPPORT, false)
 	VMIME_HAVE_TLS_SUPPORT=0
 fi

+AC_SUBST(LIBGNUTLS_CFLAGS)
+AC_SUBST(LIBGNUTLS_LIBS)
+
 # ** platform handlers

 VMIME_BUILTIN_PLATFORMS=''
@ -1919,6 +1951,7 @@ typedef unsigned ${VMIME_TYPE_INT32} vmime_uint32;
 #define VMIME_HAVE_SASL_SUPPORT ${VMIME_HAVE_SASL_SUPPORT}
 // -- TLS support
 #define VMIME_HAVE_TLS_SUPPORT ${VMIME_HAVE_TLS_SUPPORT}
+#define HAVE_GNUTLS_PRIORITY_FUNCS ${HAVE_GNUTLS_PRIORITY_FUNCS}
 // -- Messaging support
 #define VMIME_HAVE_MESSAGING_FEATURES ${VMIME_HAVE_MESSAGING_FEATURES}
 """)
--- a/src/net/tls/TLSSession.cpp
+++ b/src/net/tls/TLSSession.cpp
@ -123,6 +123,21 @@ TLSSession::TLSSession(ref <security::cert::certificateVerifier> cv)

 	// Sets some default priority on the ciphers, key exchange methods,
 	// macs and compression methods.
+#if HAVE_GNUTLS_PRIORITY_FUNCS
+
+	if ((res = gnutls_priority_set_direct
+		(*m_gnutlsSession, "NORMAL:%SSL3_RECORD_VERSION", NULL)) != 0)
+	{
+		if ((res = gnutls_priority_set_direct
+			(*m_gnutlsSession, "NORMAL", NULL)) != 0)
+		{
+			throwTLSException
+				("gnutls_priority_set_direct", res);
+		}
+	}
+
+#else  // !HAVE_GNUTLS_PRIORITY_FUNCS
+
 	gnutls_set_default_priority(*m_gnutlsSession);

 	// Sets the priority on the certificate types supported by gnutls.
@ -197,6 +212,8 @@ TLSSession::TLSSession(ref <security::cert::certificateVerifier> cv)

 	gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);

+#endif // !HAVE_GNUTLS_PRIORITY_FUNCS
+
 	// Initialize credentials
 	gnutls_credentials_set(*m_gnutlsSession,
 		GNUTLS_CRD_ANON, g_gnutlsGlobal.anonCred);