lynx-dev

[Lynx-dev] Lynx 2.8.9dev.8 doesn't build against GnuTLS 3.4.x: gnutls_pr


From: Axel Beckert
Subject: [Lynx-dev] Lynx 2.8.9dev.8 doesn't build against GnuTLS 3.4.x: gnutls_protocol_set_priority removed
Date: Sat, 23 Jan 2016 20:42:24 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

Hi,

GnuTLS 3.4.8 arrived in Debian Unstable and Lynx has not built since
then. The reason is the use of gnutls_protocol_set_priority in
src/tidy_tls.c, as gnutls_protocol_set_priority has been removed from
GnuTLS since 3.4.0.

It only seems to be used for cipher/protocol removal in Lynx, so the
following patch makes it build again.

Nevertheless,

* I'm not sure if the changed code paths are really used in my
  environment, and

* I'm quite sure that this patch is probably not suitable for general
  inclusion as it is probably GnuTLS-specific and also doesn't take
  into account that others might build Lynx against older versions of
  GnuTLS.

So you likely need to adapt that patch to be more suited for upstream
usage.

Index: lynx/src/tidy_tls.c
===================================================================
--- lynx.orig/src/tidy_tls.c    2015-12-21 10:11:11.719618478 +0100
+++ lynx/src/tidy_tls.c 2016-01-23 20:01:04.100447994 +0100
@@ -262,27 +262,6 @@
     ctx->verify_callback = verify_callback;
 }
 
-static void RemoveProtocol(SSL * ssl, int protocol)
-{
-    int j, k;
-    int changed = 0;
-    int *protocols = ssl->ctx->method->priority.protocol;
-
-    for (j = k = 0; j < GNUTLS_MAX_ALGORITHM_NUM;) {
-       if (protocols[k] == protocol) {
-           if (++k >= GNUTLS_MAX_ALGORITHM_NUM)
-               break;
-           changed = 1;
-       } else {
-           protocols[j++] = protocols[k++];
-       }
-    }
-
-    if (changed) {
-       gnutls_protocol_set_priority(ssl->gnutls_state, protocols);
-    }
-}
-
 /*
  * Initiate the TLS/SSL handshake with an TLS/SSL server.
  */
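
Review bot: the deletion of RemoveProtocol() here is unconditional, so a build against a GnuTLS older than 3.4.0, where gnutls_protocol_set_priority still exists, loses its protocol filtering along with the newer builds. Consider keeping the function under a compile-time check on GNUTLS_VERSION_NUMBER (from gnutls.h) and using the priority-string path only for libraries that lack the old call. The removed code also edited ssl->ctx->method->priority.protocol in place; if nothing else consumes that array after this change, say so in a comment or remove it as well.
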
@@ -294,9 +273,7 @@
     const char *aname;
 
     if (ssl->options & SSL_OP_NO_TLSv1)
-       RemoveProtocol(ssl, GNUTLS_TLS1);
-    if (ssl->options & SSL_OP_NO_SSLv3)
-       RemoveProtocol(ssl, GNUTLS_SSL3);
+       gnutls_priority_set(ssl->gnutls_state, "VERS-TLS1.0!");
 
     while ((rc = gnutls_handshake(ssl->gnutls_state)) < 0 &&
           !gnutls_error_is_fatal(rc)) {
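
Review bot: the added gnutls_priority_set(ssl->gnutls_state, "VERS-TLS1.0!") line under the SSL_OP_NO_TLSv1 check passes a string where gnutls_priority_set() expects a gnutls_priority_t; the string-taking call is gnutls_priority_set_direct(). The priority string itself also looks wrong: GnuTLS removes an item with a leading "-" or "!" applied to a base keyword, for example "NORMAL:-VERS-TLS1.0", not with a trailing "!". In addition, the SSL_OP_NO_SSLv3 branch is dropped with no replacement, so that option is now silently ignored, and the result of the new call is not checked before gnutls_handshake() runs. Suggest building one priority string that covers both options, setting it with the _direct variant, and failing the connect if that returns an error, so a caller that asked for a protocol to be disabled never proceeds with it still enabled.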

                Kind regards, Axel
-- 
/~\  Plain Text Ribbon Campaign                   | Axel Beckert
\ /  Say No to HTML in E-Mail and News            | address@hidden  (Mail)
 X   See http://www.nonhtmlmail.org/campaign.html | address@hidden (Mail+Jabber)
/ \  I love long mails: http://email.is-not-s.ms/ | http://abe.noone.org/ (Web)

Attachment: signature.asc
Description: Digital signature

