2011-08-30 [colin] 3.7.10cvs11
authorColin Leroy <colin@colino.net>
Tue, 30 Aug 2011 18:59:03 +0000 (18:59 +0000)
committerColin Leroy <colin@colino.net>
Tue, 30 Aug 2011 18:59:03 +0000 (18:59 +0000)
* configure.ac
* src/common/ssl.c
Don't use deprecated functions for GnuTLS priorities.
Require GnuTLS 2.2 that is the first version with the
new function.

ChangeLog
PATCHSETS
configure.ac
src/common/ssl.c

index 687c5a1..7b34861 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2011-08-30 [colin]     3.7.10cvs11
+
+       * configure.ac
+       * src/common/ssl.c
+               Don't use deprecated functions for GnuTLS priorities.
+               Require GnuTLS 2.2 that is the first version with the
+               new function.
+
 2011-08-30 [colin]     3.7.10cvs10
 
        * src/common/socket.c
index 386e415..f972730 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
 ( cvs diff -u -r 1.3.2.34 -r 1.3.2.35 src/ssl_manager.c;  cvs diff -u -r 1.9.2.44 -r 1.9.2.45 src/common/ssl.c;  cvs diff -u -r 1.4.2.39 -r 1.4.2.40 src/common/ssl_certificate.c;  cvs diff -u -r 1.1.4.15 -r 1.1.4.16 src/common/ssl_certificate.h;  cvs diff -u -r 1.1.4.115 -r 1.1.4.116 src/etpan/imap-thread.c;  cvs diff -u -r 1.1.2.17 -r 1.1.2.18 src/etpan/nntp-thread.c;  ) > 3.7.10cvs8.patchset
 ( cvs diff -u -r 1.1.4.116 -r 1.1.4.117 src/etpan/imap-thread.c;  cvs diff -u -r 1.1.2.18 -r 1.1.2.19 src/etpan/nntp-thread.c;  ) > 3.7.10cvs9.patchset
 ( cvs diff -u -r 1.13.2.46 -r 1.13.2.47 src/common/socket.c;  cvs diff -u -r 1.9.2.45 -r 1.9.2.46 src/common/ssl.c;  ) > 3.7.10cvs10.patchset
+( cvs diff -u -r 1.654.2.4291 -r 1.654.2.4292 configure.ac;  cvs diff -u -r 1.9.2.46 -r 1.9.2.47 src/common/ssl.c;  ) > 3.7.10cvs11.patchset
index dbbc94a..1b39ccf 100644 (file)
@@ -12,7 +12,7 @@ MINOR_VERSION=7
 MICRO_VERSION=10
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=10
+EXTRA_VERSION=11
 EXTRA_RELEASE=
 EXTRA_GTK2_VERSION=
 
@@ -415,10 +415,10 @@ if test "x$ac_cv_enable_gnutls" != "xno"; then
   OCPPFLAGS="$CPPFLAGS"
   OLDFLAGS="$LDFLAGS"
   GNUTLS_LIBS=""
-  PKG_CHECK_MODULES(GNUTLS, gnutls >= 2.0.3,
+  PKG_CHECK_MODULES(GNUTLS, gnutls >= 2.2,
        [ac_cv_enable_gnutls=yes],
        [ac_cv_enable_gnutls=no
-        echo "GnuTLS version >= 2.0.3 not found"])
+        echo "GnuTLS version >= 2.2 not found"])
   if test "x$ac_cv_enable_gnutls" = "xyes"; then
    AC_CHECK_HEADER(gpg-error.h,
        [AC_CHECK_LIB(gpg-error, gpg_strerror,,
index 000efdc..0d4028d 100644 (file)
@@ -246,17 +246,6 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
 {
        gnutls_session session;
        int r;
-       const int cipher_prio[] = { GNUTLS_CIPHER_AES_128_CBC,
-                               GNUTLS_CIPHER_3DES_CBC,
-                               GNUTLS_CIPHER_AES_256_CBC,
-                               GNUTLS_CIPHER_ARCFOUR_128, 0 };
-       const int kx_prio[] = { GNUTLS_KX_DHE_RSA,
-                          GNUTLS_KX_RSA, 
-                          GNUTLS_KX_DHE_DSS, 0 };
-       const int mac_prio[] = { GNUTLS_MAC_SHA1,
-                               GNUTLS_MAC_MD5, 0 };
-       const int proto_prio[] = { GNUTLS_TLS1,
-                                 GNUTLS_SSL3, 0 };
        const gnutls_datum *raw_cert_list;
        unsigned int raw_cert_list_length;
        gnutls_x509_crt cert = NULL;
@@ -272,10 +261,8 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
   
        gnutls_transport_set_lowat (session, 0); 
        gnutls_set_default_priority(session);
-       gnutls_protocol_set_priority (session, proto_prio);
-       gnutls_cipher_set_priority (session, cipher_prio);
-       gnutls_kx_set_priority (session, kx_prio);
-       gnutls_mac_set_priority (session, mac_prio);
+
+       gnutls_priority_set_direct(session, "EXPORT", NULL);
        gnutls_record_disable_padding(session);
 
        gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);