[Lynx-dev] Lynx 2.8.9dev.8 doesn't build against GnuTLS 3.4.x: gnutls_pr
From: Axel Beckert
Subject: [Lynx-dev] Lynx 2.8.9dev.8 doesn't build against GnuTLS 3.4.x: gnutls_protocol_set_priority removed
Date: Sat, 23 Jan 2016 20:42:24 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

Hi,

GnuTLS 3.4.8 arrived in Debian Unstable and Lynx no longer builds since
then. The reason is the usage of gnutls_protocol_set_priority in
src/tidy_tls.c, as gnutls_protocol_set_priority has been removed from
GnuTLS since 3.4.0.

It only seems to be used for cipher/protocol removal in Lynx, so the
following patch makes it build again.

Nevertheless,

* I'm not sure if the changed code paths are really used in my
  environment, and
* I'm quite sure that this patch is probably not suitable for general
  inclusion as it is probably GnuTLS-specific and also doesn't take
  into account that others might build Lynx against older versions of
  GnuTLS.

So you likely need to adapt that patch to be more suited for upstream
usage.

Index: lynx/src/tidy_tls.c
===================================================================
--- lynx.orig/src/tidy_tls.c 2015-12-21 10:11:11.719618478 +0100
+++ lynx/src/tidy_tls.c 2016-01-23 20:01:04.100447994 +0100
@@ -262,27 +262,6 @@
ctx->verify_callback = verify_callback;
}
-static void RemoveProtocol(SSL * ssl, int protocol)
-{
- int j, k;
- int changed = 0;
- int *protocols = ssl->ctx->method->priority.protocol;
-
- for (j = k = 0; j < GNUTLS_MAX_ALGORITHM_NUM;) {
- if (protocols[k] == protocol) {
- if (++k >= GNUTLS_MAX_ALGORITHM_NUM)
- break;
- changed = 1;
- } else {
- protocols[j++] = protocols[k++];
- }
- }
-
- if (changed) {
- gnutls_protocol_set_priority(ssl->gnutls_state, protocols);
- }
-}
-
/*
* Initiate the TLS/SSL handshake with an TLS/SSL server.
*/
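
Review bot: The deletion of RemoveProtocol() in this hunk is unconditional, so a build against GnuTLS older than 3.4.0, where gnutls_protocol_set_priority still exists, loses the protocol filtering too. Consider keeping the function and guarding its old body with a version check (gnutls.h defines GNUTLS_VERSION_NUMBER, so `#if GNUTLS_VERSION_NUMBER < 0x030400` is available), with a priority-string implementation in the other branch, so the callers in the handshake path do not have to change.
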
@@ -294,9 +273,7 @@
const char *aname;
if (ssl->options & SSL_OP_NO_TLSv1)
- RemoveProtocol(ssl, GNUTLS_TLS1);
- if (ssl->options & SSL_OP_NO_SSLv3)
- RemoveProtocol(ssl, GNUTLS_SSL3);
+ gnutls_priority_set(ssl->gnutls_state, "VERS-TLS1.0!");
while ((rc = gnutls_handshake(ssl->gnutls_state)) < 0 &&
!gnutls_error_is_fatal(rc)) {
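
Review bot: The added line `gnutls_priority_set(ssl->gnutls_state, "VERS-TLS1.0!");` passes a string to a function that takes a gnutls_priority_t; the string variant is gnutls_priority_set_direct(session, priorities, &err_pos). The priority string itself also looks malformed: GnuTLS documents removal as a `-` or `!` in front of the algorithm, applied on top of a base keyword, for example "NORMAL:-VERS-TLS1.0". In addition, the hunk drops the SSL_OP_NO_SSLv3 branch, so that option no longer disables SSLv3; handle it with -VERS-SSL3.0 and check the return value, so that a rejected string does not silently leave the default protocol set in force.
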
Kind regards, Axel
--
/~\ Plain Text Ribbon Campaign | Axel Beckert
\ / Say No to HTML in E-Mail and News | address@hidden (Mail)
X See http://www.nonhtmlmail.org/campaign.html | address@hidden (Mail+Jabber)
/ \ I love long mails: http://email.is-not-s.ms/ | http://abe.noone.org/ (Web)