From 4365a126e370ba70ad9a2cb2533a6c5b34d3b6e2 Mon Sep 17 00:00:00 2001 From: Vincent Richard Date: Sun, 26 Jun 2011 08:19:11 +0000 Subject: [PATCH] Use gnutls_priority_set_direct() instead of GNUTLS deprecated functions. --- SConstruct | 33 +++++++++++++++++++++++++++++++++ src/net/tls/TLSSession.cpp | 17 +++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/SConstruct b/SConstruct index 37c0ac64..01ad3f32 100644 --- a/SConstruct +++ b/SConstruct @@ -816,6 +816,7 @@ else: config_hpp.write('// -- TLS/SSL support\n') if env['with_tls'] == 'yes': config_hpp.write('#define VMIME_HAVE_TLS_SUPPORT 1\n') + config_hpp.write('#define HAVE_GNUTLS_PRIORITY_FUNCS 1\n') else: config_hpp.write('#define VMIME_HAVE_TLS_SUPPORT 0\n') @@ -1626,11 +1627,42 @@ if test "x$conf_tls" = "xyes"; then else AC_MSG_ERROR(can't find an usable version of GNU TLS library) fi + + # -- check for gnutls_priority_set_direct() function + if test "x$have_gnutls" = "xyes"; then + AC_MSG_CHECKING(for gnutls_priority_set_direct) + + LIBS_save="$LIBS" + LIBS="$LIBS $LIBGNUTLS_LIBS" + CPPFLAGS_save="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $LIBGNUTLS_CFLAGS" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], + [gnutls_session s; gnutls_priority_set_direct(s, NULL, NULL);])], + [have_gnutls_priority_funcs=yes], + [have_gnutls_priority_funcs=no]) + + CPPFLAGS="$CPPFLAGS_save" + LIBS="$LIBS_save" + + AC_MSG_RESULT([$have_gnutls_priority_funcs]) + + if test "x$have_gnutls_priority_funcs" = "xyes"; then + AM_CONDITIONAL(HAVE_GNUTLS_PRIORITY_FUNCS, true) + HAVE_GNUTLS_PRIORITY_FUNCS=1 + else + AM_CONDITIONAL(HAVE_GNUTLS_PRIORITY_FUNCS, false) + HAVE_GNUTLS_PRIORITY_FUNCS=0 + fi + fi else AM_CONDITIONAL(VMIME_HAVE_TLS_SUPPORT, false) VMIME_HAVE_TLS_SUPPORT=0 fi +AC_SUBST(LIBGNUTLS_CFLAGS) +AC_SUBST(LIBGNUTLS_LIBS) + # ** platform handlers VMIME_BUILTIN_PLATFORMS='' 
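Review bot: The SCons path writes `#define HAVE_GNUTLS_PRIORITY_FUNCS 1` whenever `with_tls` is 'yes', without probing the installed GnuTLS. A build against a library that lacks gnutls_priority_set_direct() will therefore select the new branch in TLSSession.cpp and fail at compile or link time instead of falling back to the legacy priority calls. The autoconf template in the next hunk does probe for the function, so the two build paths should agree, for example by gating this write on a configure-time function check or an explicit build option. The `else:` branch also leaves the macro undefined; `config_hpp.write('#define HAVE_GNUTLS_PRIORITY_FUNCS 0\n')` there would match how `VMIME_HAVE_TLS_SUPPORT` is handled. The name lacks the `VMIME_` prefix of the neighbouring defines, which risks clashing with an application's own `HAVE_*` macros if this generated header is installed.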
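Review bot: `HAVE_GNUTLS_PRIORITY_FUNCS` is assigned only inside `if test "x$have_gnutls" = "xyes"`, so it stays unset when TLS is disabled (the outer `else`). The template line `#define HAVE_GNUTLS_PRIORITY_FUNCS ${HAVE_GNUTLS_PRIORITY_FUNCS}` added in the -1919 hunk then expands to an empty define, which makes `#if HAVE_GNUTLS_PRIORITY_FUNCS` ill-formed in any translation unit that reaches it. Setting `HAVE_GNUTLS_PRIORITY_FUNCS=0` before the TLS block, or in the outer `else` next to `VMIME_HAVE_TLS_SUPPORT=0`, keeps the generated header valid on every path. The `AM_CONDITIONAL(HAVE_GNUTLS_PRIORITY_FUNCS, ...)` calls are likewise reached only on the TLS-enabled path; automake expects a conditional to be defined on every configure run, so an `AM_CONDITIONAL(HAVE_GNUTLS_PRIORITY_FUNCS, false)` in the outer `else` is probably needed as well.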
@@ -1919,6 +1951,7 @@ typedef unsigned ${VMIME_TYPE_INT32} vmime_uint32; #define VMIME_HAVE_SASL_SUPPORT ${VMIME_HAVE_SASL_SUPPORT} // -- TLS support #define VMIME_HAVE_TLS_SUPPORT ${VMIME_HAVE_TLS_SUPPORT} +#define HAVE_GNUTLS_PRIORITY_FUNCS ${HAVE_GNUTLS_PRIORITY_FUNCS} // -- Messaging support #define VMIME_HAVE_MESSAGING_FEATURES ${VMIME_HAVE_MESSAGING_FEATURES} """) diff --git a/src/net/tls/TLSSession.cpp b/src/net/tls/TLSSession.cpp index 010c0071..af73a05c 100644 --- a/src/net/tls/TLSSession.cpp +++ b/src/net/tls/TLSSession.cpp @@ -123,6 +123,21 @@ TLSSession::TLSSession(ref cv) // Sets some default priority on the ciphers, key exchange methods, // macs and compression methods. +#if HAVE_GNUTLS_PRIORITY_FUNCS + + if ((res = gnutls_priority_set_direct + (*m_gnutlsSession, "NORMAL:%SSL3_RECORD_VERSION", NULL)) != 0) + { + if ((res = gnutls_priority_set_direct + (*m_gnutlsSession, "NORMAL", NULL)) != 0) + { + throwTLSException + ("gnutls_priority_set_direct", res); + } + } + +#else // !HAVE_GNUTLS_PRIORITY_FUNCS + gnutls_set_default_priority(*m_gnutlsSession); // Sets the priority on the certificate types supported by gnutls. @@ -197,6 +212,8 @@ TLSSession::TLSSession(ref cv) gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority); +#endif // !HAVE_GNUTLS_PRIORITY_FUNCS + // Initialize credentials gnutls_credentials_set(*m_gnutlsSession, GNUTLS_CRD_ANON, g_gnutlsGlobal.anonCred);
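Review bot: In the TLSSession.cpp hunk at -123, the retry with plain "NORMAL" runs on any non-zero result from the first gnutls_priority_set_direct() call, not only when the library rejects the `%SSL3_RECORD_VERSION` keyword. An unrelated failure is therefore retried, and the original error code is overwritten. Restricting the retry to the syntax-error case, e.g. `if (res == GNUTLS_E_INVALID_REQUEST) res = gnutls_priority_set_direct(*m_gnutlsSession, "NORMAL", NULL);` followed by a single `if (res != 0) throwTLSException("gnutls_priority_set_direct", res);`, keeps the compatibility fallback while surfacing other errors. A short comment would also help, such as `// Older GnuTLS releases do not know %SSL3_RECORD_VERSION; retry without it`, along with a note that the `#else` branch pins explicit protocol, cipher and key-exchange lists, so the negotiated set now depends on which branch was compiled. The priority string is hard-coded, so callers cannot tighten it. The constructor body starts and ends outside this hunk.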