samba/patches/samba-4.2.2-s4-lib-tls-use-gnutls_priority_set_direct.patch

From 9d9b38b434b9d2e4b3bddd618cea944dfb960966 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Mon, 13 Apr 2015 22:03:14 +0300
Subject: [PATCH] s4:lib/tls: use gnutls_priority_set_direct()

gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0.
---
 source4/lib/tls/tls.c         | 4 +---
 source4/lib/tls/tls_tstream.c | 9 +--------
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index b9182ad..2bcbb80 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -572,7 +572,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
 {
 	struct tls_context *tls;
 	int ret = 0;
-	const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
 	struct socket_context *new_sock;
 	NTSTATUS nt_status;
 
@@ -597,8 +596,7 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
 	gnutls_certificate_allocate_credentials(&tls->xcred);
 	gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
 	TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
-	TLSCHECK(gnutls_set_default_priority(tls->session));
-	gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
+	TLSCHECK(gnutls_priority_set_direct(tls->session, "NORMAL:+CTYPE-OPENPGP", NULL));
 	TLSCHECK(gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->xcred));
 
 	talloc_set_destructor(tls, tls_destructor);
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index f19f5c5..ff0e881 100644
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -967,11 +967,6 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
 #if ENABLE_GNUTLS
 	struct tstream_tls *tlss;
 	int ret;
-	static const int cert_type_priority[] = {
-		GNUTLS_CRT_X509,
-		GNUTLS_CRT_OPENPGP,
-		0
-	};
 #endif /* ENABLE_GNUTLS */
 
 	req = tevent_req_create(mem_ctx, &state,
@@ -1007,15 +1002,13 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
-	ret = gnutls_set_default_priority(tlss->tls_session);
+	ret = gnutls_priority_set_direct(tlss->tls_session, "NORMAL:+CTYPE-OPENPGP", NULL);
 	if (ret != GNUTLS_E_SUCCESS) {
 		DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
 		tevent_req_error(req, EINVAL);
 		return tevent_req_post(req, ev);
 	}
 
-	gnutls_certificate_type_set_priority(tlss->tls_session, cert_type_priority);
-
 	ret = gnutls_credentials_set(tlss->tls_session,
 				     GNUTLS_CRD_CERTIFICATE,
 				     tls_params->x509_cred);
-- 
2.3.5

1	niro	2591	From 9d9b38b434b9d2e4b3bddd618cea944dfb960966 Mon Sep 17 00:00:00 2001
2			From: Evangelos Foutras <evangelos@foutrelis.com>
3			Date: Mon, 13 Apr 2015 22:03:14 +0300
4			Subject: [PATCH] s4:lib/tls: use gnutls_priority_set_direct()
5
6			gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0.
7			---
8			source4/lib/tls/tls.c \| 4 +---
9			source4/lib/tls/tls_tstream.c \| 9 +--------
10			2 files changed, 2 insertions(+), 11 deletions(-)
11
12			diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
13			index b9182ad..2bcbb80 100644
14			--- a/source4/lib/tls/tls.c
15			+++ b/source4/lib/tls/tls.c
16			@@ -572,7 +572,6 @@ struct socket_context tls_init_client(struct socket_context socket_ctx,
17			{
18			struct tls_context *tls;
19			int ret = 0;
20			- const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
21			struct socket_context *new_sock;
22			NTSTATUS nt_status;
23
24			@@ -597,8 +596,7 @@ struct socket_context tls_init_client(struct socket_context socket_ctx,
25			gnutls_certificate_allocate_credentials(&tls->xcred);
26			gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
27			TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
28			- TLSCHECK(gnutls_set_default_priority(tls->session));
29			- gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
30			+ TLSCHECK(gnutls_priority_set_direct(tls->session, "NORMAL:+CTYPE-OPENPGP", NULL));
31			TLSCHECK(gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->xcred));
32
33			talloc_set_destructor(tls, tls_destructor);
34			diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
35			index f19f5c5..ff0e881 100644
36			--- a/source4/lib/tls/tls_tstream.c
37			+++ b/source4/lib/tls/tls_tstream.c
38			@@ -967,11 +967,6 @@ struct tevent_req _tstream_tls_connect_send(TALLOC_CTX mem_ctx,
39			#if ENABLE_GNUTLS
40			struct tstream_tls *tlss;
41			int ret;
42			- static const int cert_type_priority[] = {
43			- GNUTLS_CRT_X509,
44			- GNUTLS_CRT_OPENPGP,
45			- 0
46			- };
47			#endif /* ENABLE_GNUTLS */
48
49			req = tevent_req_create(mem_ctx, &state,
50			@@ -1007,15 +1002,13 @@ struct tevent_req _tstream_tls_connect_send(TALLOC_CTX mem_ctx,
51			return tevent_req_post(req, ev);
52			}
53
54			- ret = gnutls_set_default_priority(tlss->tls_session);
55			+ ret = gnutls_priority_set_direct(tlss->tls_session, "NORMAL:+CTYPE-OPENPGP", NULL);
56			if (ret != GNUTLS_E_SUCCESS) {
57			DEBUG(0,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
58			tevent_req_error(req, EINVAL);
59			return tevent_req_post(req, ev);
60			}
61
62			- gnutls_certificate_type_set_priority(tlss->tls_session, cert_type_priority);
63			-
64			ret = gnutls_credentials_set(tlss->tls_session,
65			GNUTLS_CRD_CERTIFICATE,
66			tls_params->x509_cred);
67			--
68			2.3.5
69