summaryrefslogtreecommitdiff
path: root/ui/vnc-tls.c
diff options
context:
space:
mode:
authorGerd Hoffmann <kraxel@redhat.com>2011-09-07 17:52:10 +0200
committerAnthony Liguori <aliguori@us.ibm.com>2011-09-09 12:58:17 -0500
commitf40d55081667a716312b9a8b6e13835c4074f56b (patch)
treebe7493edc6a3cfde192fa6b17e4191d74f478e3e /ui/vnc-tls.c
parentfa4e49c0c02f728e86df50a1c4a4011de8ca1225 (diff)
downloadqemu-f40d55081667a716312b9a8b6e13835c4074f56b.zip
vns/tls: don't use depricated gnutls functions
Avoid using deprecated gnutls functions with recent gnutls versions. Fixes build failure on Fedora 16. Keep the old way for compatibility with old installations such as RHEL-5 (gnutls 1.4.x). Based on a patch from Raghavendra D Prabhu <raghu.prabhu13@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'ui/vnc-tls.c')
-rw-r--r--ui/vnc-tls.c68
1 files changed, 49 insertions, 19 deletions
diff --git a/ui/vnc-tls.c b/ui/vnc-tls.c
index 2e2456e3ac..ffbd1725a4 100644
--- a/ui/vnc-tls.c
+++ b/ui/vnc-tls.c
@@ -283,13 +283,57 @@ int vnc_tls_validate_certificate(struct VncState *vs)
return 0;
}
+#if defined(GNUTLS_VERSION_NUMBER) && \
+ GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */
+
+static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
+{
+ const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH";
+ int rc;
+
+ rc = gnutls_priority_set_direct(s, priority, NULL);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+ }
+ return 0;
+}
+
+#else
+
+static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
+{
+ static const int cert_types[] = { GNUTLS_CRT_X509, 0 };
+ static const int protocols[] = {
+ GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
+ };
+ static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 };
+ static const int kx_x509[] = {
+ GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
+ GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0
+ };
+ int rc;
+
+ rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+ }
+
+ rc = gnutls_certificate_type_set_priority(s, cert_types);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+ }
+
+ rc = gnutls_protocol_set_priority(s, protocols);
+ if (rc != GNUTLS_E_SUCCESS) {
+ return -1;
+ }
+ return 0;
+}
+
+#endif
int vnc_tls_client_setup(struct VncState *vs,
int needX509Creds) {
- static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
- static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
- static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
- static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
VNC_DEBUG("Do TLS setup\n");
if (vnc_tls_initialize() < 0) {
@@ -310,21 +354,7 @@ int vnc_tls_client_setup(struct VncState *vs,
return -1;
}
- if (gnutls_kx_set_priority(vs->tls.session, needX509Creds ? kx_x509 : kx_anon) < 0) {
- gnutls_deinit(vs->tls.session);
- vs->tls.session = NULL;
- vnc_client_error(vs);
- return -1;
- }
-
- if (gnutls_certificate_type_set_priority(vs->tls.session, cert_type_priority) < 0) {
- gnutls_deinit(vs->tls.session);
- vs->tls.session = NULL;
- vnc_client_error(vs);
- return -1;
- }
-
- if (gnutls_protocol_set_priority(vs->tls.session, protocol_priority) < 0) {
+ if (vnc_set_gnutls_priority(vs->tls.session, needX509Creds) < 0) {
gnutls_deinit(vs->tls.session);
vs->tls.session = NULL;
vnc_client_error(vs);