Commit a873b95c authored by Daniel Stenberg's avatar Daniel Stenberg Committed by Yang Tse

gtls_connect_step1: remove use of deprecated functions

Use gnutls_priority_set_direct() instead of gnutls_protocol_set_priority().

Remove the gnutls_certificate_type_set_priority() use since x509 is the
default certificate type anyway.

Reported by: Vincent Torri
parent 6bdeca96
+12 −1
@@ -82,6 +82,7 @@ static bool gtls_inited = FALSE;
#  if (GNUTLS_VERSION_NUMBER >= 0x020c00)
#  if (GNUTLS_VERSION_NUMBER >= 0x020c00)
#    undef gnutls_transport_set_lowat
#    undef gnutls_transport_set_lowat
#    define gnutls_transport_set_lowat(A,B) Curl_nop_stmt
#    define gnutls_transport_set_lowat(A,B) Curl_nop_stmt
#    define USE_GNUTLS_PRIORITY_SET_DIRECT 1
#  endif
#  endif
#  if (GNUTLS_VERSION_NUMBER >= 0x020c03)
#  if (GNUTLS_VERSION_NUMBER >= 0x020c03)
#    undef gnutls_transport_set_global_errno
#    undef gnutls_transport_set_global_errno
@@ -320,7 +321,9 @@ static CURLcode
gtls_connect_step1(struct connectdata *conn,
gtls_connect_step1(struct connectdata *conn,
                   int sockindex)
                   int sockindex)
{
{
#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
  static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
  static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
#endif
  struct SessionHandle *data = conn->data;
  struct SessionHandle *data = conn->data;
  gnutls_session session;
  gnutls_session session;
  int rc;
  int rc;
@@ -440,18 +443,26 @@ gtls_connect_step1(struct connectdata *conn,
    return CURLE_SSL_CONNECT_ERROR;
    return CURLE_SSL_CONNECT_ERROR;


  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
    static const int protocol_priority[] = { GNUTLS_SSL3, 0 };
    static const int protocol_priority[] = { GNUTLS_SSL3, 0 };
    gnutls_protocol_set_priority(session, protocol_priority);
    rc = gnutls_protocol_set_priority(session, protocol_priority);
#else
    const char *err;
    rc = gnutls_priority_set_direct(session, "-VERS-TLS-ALL:+VERS-SSL3.0",
                                    &err);
#endif
    if(rc != GNUTLS_E_SUCCESS)
    if(rc != GNUTLS_E_SUCCESS)
      return CURLE_SSL_CONNECT_ERROR;
      return CURLE_SSL_CONNECT_ERROR;
  }
  }


#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
  /* Sets the priority on the certificate types supported by gnutls. Priority
  /* Sets the priority on the certificate types supported by gnutls. Priority
     is higher for types specified before others. After specifying the types
     is higher for types specified before others. After specifying the types
     you want, you must append a 0. */
     you want, you must append a 0. */
  rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
  rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
  if(rc != GNUTLS_E_SUCCESS)
  if(rc != GNUTLS_E_SUCCESS)
    return CURLE_SSL_CONNECT_ERROR;
    return CURLE_SSL_CONNECT_ERROR;
#endif


  if(data->set.str[STRING_CERT]) {
  if(data->set.str[STRING_CERT]) {
    if(gnutls_certificate_set_x509_key_file(
    if(gnutls_certificate_set_x509_key_file(
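Review bot: In the `#else` branch of the SSLv3 block, `err` is passed to gnutls_priority_set_direct() but never read, so a rejected priority string surfaces only as a bare CURLE_SSL_CONNECT_ERROR with no hint of which token GnuTLS refused. Because this string now decides which protocol versions the session may negotiate, I would report the failure before returning, for example `failf(data, "GnuTLS priority string rejected at: %s", err);` guarded on `rc == GNUTLS_E_INVALID_REQUEST`, which as far as I know is the only case where GnuTLS sets the pointer. Declaring it as `const char *err = NULL;` keeps the value determinate on the other error paths. A short comment above the call, such as `/* restrict the session to SSL 3.0 only, as requested by the user */`, would also help, since the string is the only place that policy is expressed. gtls_connect_step1 starts and ends outside the hunks shown here.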