Contents of /trunk/tigervnc/patches/tigervnc-1.5.0-gnutls3.patch
Parent Directory | Revision Log
Revision 2621 -
(show annotations)
(download)
Thu Jul 16 06:59:55 2015 UTC (9 years, 2 months ago) by niro
File size: 22411 byte(s)
Thu Jul 16 06:59:55 2015 UTC (9 years, 2 months ago) by niro
File size: 22411 byte(s)
-fixes for 1.5.0
1 | From 88c24edd8f7a793561104be50b6ecf2c85b42956 Mon Sep 17 00:00:00 2001 |
2 | From: Pierre Ossman <ossman@cendio.se> |
3 | Date: Thu, 29 Jan 2015 13:12:22 +0100 |
4 | Subject: [PATCH] Raise GnuTLS requirements to 3.x |
5 | |
6 | This allows us to simplify things by getting rid of some old |
7 | compatibility code. People should really be using current versions |
8 | of GnuTLS anyway to stay secure. |
9 | --- |
10 | BUILDING.txt | 2 +- |
11 | CMakeLists.txt | 24 ------ |
12 | common/os/CMakeLists.txt | 3 +- |
13 | common/os/tls.cxx | 198 -------------------------------------------- |
14 | common/os/tls.h | 59 ------------- |
15 | common/rdr/TLSErrno.h | 46 ---------- |
16 | common/rdr/TLSInStream.cxx | 11 ++- |
17 | common/rdr/TLSInStream.h | 6 +- |
18 | common/rdr/TLSOutStream.cxx | 9 +- |
19 | common/rdr/TLSOutStream.h | 6 +- |
20 | common/rfb/CSecurityTLS.cxx | 31 ++++--- |
21 | common/rfb/CSecurityTLS.h | 6 +- |
22 | common/rfb/SSecurityTLS.cxx | 23 +++-- |
23 | common/rfb/SSecurityTLS.h | 10 +-- |
24 | config.h.in | 7 -- |
25 | 15 files changed, 60 insertions(+), 381 deletions(-) |
26 | delete mode 100644 common/os/tls.cxx |
27 | delete mode 100644 common/os/tls.h |
28 | delete mode 100644 common/rdr/TLSErrno.h |
29 | |
30 | diff --git a/BUILDING.txt b/BUILDING.txt |
31 | index 0cb830b..67a4f08 100644 |
32 | --- a/BUILDING.txt |
33 | +++ b/BUILDING.txt |
34 | @@ -12,7 +12,7 @@ Build Requirements (All Systems) |
35 | -- FLTK 1.3.3 or later |
36 | |
37 | -- If building TLS support: |
38 | - * GnuTLS |
39 | + * GnuTLS 3.x |
40 | * See "Building TLS Support" below. |
41 | |
42 | -- If building native language support (NLS): |
43 | diff --git a/CMakeLists.txt b/CMakeLists.txt |
44 | index c7e6349..882077a 100644 |
45 | --- a/CMakeLists.txt |
46 | +++ b/CMakeLists.txt |
47 | @@ -236,30 +236,6 @@ if(ENABLE_GNUTLS) |
48 | include_directories(${GNUTLS_INCLUDE_DIR}) |
49 | add_definitions("-DHAVE_GNUTLS") |
50 | add_definitions(${GNUTLS_DEFINITIONS}) |
51 | - |
52 | - # Detect old version of GnuTLS |
53 | - set(CMAKE_REQUIRED_FLAGS -I${GNUTLS_INCLUDE_DIR}) |
54 | - set(CMAKE_EXTRA_INCLUDE_FILES gnutls/gnutls.h) |
55 | - set(CMAKE_REQUIRED_LIBRARIES ${GNUTLS_LIBRARIES}) |
56 | - if(WIN32) |
57 | - set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ws2_32 user32) |
58 | - endif() |
59 | - if(ZLIB_FOUND) |
60 | - # When we build against the static version of GnuTLS, we also use the |
61 | - # included version of Zlib, but it isn't built yet, so we have to use the |
62 | - # system's version (if available) to perform this test. |
63 | - set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES};-lz) |
64 | - endif() |
65 | - check_function_exists(gnutls_transport_set_errno HAVE_GNUTLS_SET_ERRNO) |
66 | - check_function_exists(gnutls_transport_set_global_errno HAVE_GNUTLS_SET_GLOBAL_ERRNO) |
67 | - check_function_exists(gnutls_x509_crt_print HAVE_GNUTLS_X509_CRT_PRINT) |
68 | - check_type_size(gnutls_x509_crt_t GNUTLS_X509_CRT_T) |
69 | - check_type_size(gnutls_datum_t GNUTLS_DATUM_T) |
70 | - check_type_size(gnutls_pk_algorithm_t GNUTLS_PK_ALGORITHM_T) |
71 | - check_type_size(gnutls_sign_algorithm_t GNUTLS_SIGN_ALGORITHM_T) |
72 | - set(CMAKE_REQUIRED_FLAGS) |
73 | - set(CMAKE_EXTRA_INCLUDE_FILES) |
74 | - set(CMAKE_REQUIRED_LIBRARIES) |
75 | endif() |
76 | endif() |
77 | |
78 | diff --git a/common/os/CMakeLists.txt b/common/os/CMakeLists.txt |
79 | index fd3794d..f082eef 100644 |
80 | --- a/common/os/CMakeLists.txt |
81 | +++ b/common/os/CMakeLists.txt |
82 | @@ -2,8 +2,7 @@ include_directories(${CMAKE_SOURCE_DIR}/common) |
83 | |
84 | add_library(os STATIC |
85 | w32tiger.c |
86 | - os.cxx |
87 | - tls.cxx) |
88 | + os.cxx) |
89 | |
90 | if(UNIX) |
91 | libtool_create_control_file(os) |
92 | diff --git a/common/os/tls.cxx b/common/os/tls.cxx |
93 | deleted file mode 100644 |
94 | index c092996..0000000 |
95 | --- a/common/os/tls.cxx |
96 | +++ /dev/null |
97 | @@ -1,198 +0,0 @@ |
98 | -/* Copyright (C) 2011 TightVNC Team. All Rights Reserved. |
99 | - * |
100 | - * This is free software; you can redistribute it and/or modify |
101 | - * it under the terms of the GNU General Public License as published by |
102 | - * the Free Software Foundation; either version 2 of the License, or |
103 | - * (at your option) any later version. |
104 | - * |
105 | - * This software is distributed in the hope that it will be useful, |
106 | - * but WITHOUT ANY WARRANTY; without even the implied warranty of |
107 | - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
108 | - * GNU General Public License for more details. |
109 | - * |
110 | - * You should have received a copy of the GNU General Public License |
111 | - * along with this software; if not, write to the Free Software |
112 | - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
113 | - * USA. |
114 | - */ |
115 | - |
116 | -#ifdef HAVE_CONFIG_H |
117 | -#include <config.h> |
118 | -#endif |
119 | - |
120 | -#include <os/tls.h> |
121 | - |
122 | -#include <iomanip> |
123 | -#include <stdio.h> |
124 | -#include <stdlib.h> |
125 | -#include <string.h> |
126 | -#include <sstream> |
127 | -#include <sys/types.h> |
128 | -#include <time.h> |
129 | - |
130 | -using namespace std; |
131 | - |
132 | -#if defined(HAVE_GNUTLS) && !defined(WIN32) |
133 | -#include <gnutls/gnutls.h> |
134 | -#include <gnutls/x509.h> |
135 | - |
136 | -#ifndef HAVE_GNUTLS_X509_CRT_PRINT |
137 | - |
138 | -/* Ancient GNUTLS... */ |
139 | -#if !defined(GNUTLS_VERSION_NUMBER) && !defined(LIBGNUTLS_VERSION_NUMBER) |
140 | -#define GNUTLS_DIG_SHA1 GNUTLS_DIG_SHA |
141 | -#endif |
142 | - |
143 | -#define UNKNOWN_SUBJECT(err) \ |
144 | - do { \ |
145 | - ss << "unknown subject (" << gnutls_strerror(err) << "), "; \ |
146 | - } while (0) |
147 | - |
148 | -#define UNKNOWN_ISSUER(err) \ |
149 | - do { \ |
150 | - ss << "unknown issuer (" << gnutls_strerror(err) << "), "; \ |
151 | - } while (0) |
152 | - |
153 | - |
154 | -static void |
155 | -hexprint(ostringstream &ss, const char *data, size_t len) |
156 | -{ |
157 | - size_t j; |
158 | - char tmp[3]; |
159 | - |
160 | - if (len == 0) |
161 | - ss << "00"; |
162 | - else { |
163 | - for (j = 0; j < len; j++) { |
164 | - snprintf(tmp, sizeof(tmp), "%.2x", (unsigned char) data[j]); |
165 | - ss << tmp; |
166 | - } |
167 | - } |
168 | -} |
169 | - |
170 | -/* Implementation based on gnutls_x509_crt_print from GNUTLS */ |
171 | -int |
172 | -gnutls_x509_crt_print(gnutls_x509_crt_t cert, |
173 | - gnutls_certificate_print_formats_t format, |
174 | - gnutls_datum_t * out) |
175 | -{ |
176 | - ostringstream ss; |
177 | - |
178 | - int err; |
179 | - |
180 | - char *dn; |
181 | - size_t dn_size = 0; |
182 | - |
183 | - /* Subject */ |
184 | - err = gnutls_x509_crt_get_dn(cert, NULL, &dn_size); |
185 | - if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) |
186 | - UNKNOWN_SUBJECT(err); |
187 | - else { |
188 | - dn = (char *)malloc(dn_size); |
189 | - if (dn == NULL) { |
190 | - UNKNOWN_SUBJECT(GNUTLS_E_MEMORY_ERROR); |
191 | - } else { |
192 | - err = gnutls_x509_crt_get_dn(cert, dn, &dn_size); |
193 | - if (err < 0) { |
194 | - UNKNOWN_SUBJECT(err); |
195 | - } else |
196 | - ss << "subject `" << dn << "', "; |
197 | - free(dn); |
198 | - } |
199 | - } |
200 | - |
201 | - /* Issuer */ |
202 | - dn = NULL; |
203 | - dn_size = 0; |
204 | - err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &dn_size); |
205 | - if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) |
206 | - UNKNOWN_ISSUER(err); |
207 | - else { |
208 | - dn = (char *)malloc(dn_size); |
209 | - if (dn == NULL) { |
210 | - UNKNOWN_ISSUER(GNUTLS_E_MEMORY_ERROR); |
211 | - } else { |
212 | - err = gnutls_x509_crt_get_issuer_dn(cert, dn, &dn_size); |
213 | - if (err < 0) |
214 | - UNKNOWN_ISSUER(err); |
215 | - else |
216 | - ss << "issuer `" << dn << "', "; |
217 | - free(dn); |
218 | - } |
219 | - } |
220 | - |
221 | - /* Key algorithm and size */ |
222 | - unsigned int bits; |
223 | - const char *name; |
224 | - name = gnutls_pk_algorithm_get_name( (gnutls_pk_algorithm_t) |
225 | - gnutls_x509_crt_get_pk_algorithm(cert, &bits)); |
226 | - if (name == NULL) |
227 | - name = "Unknown"; |
228 | - ss << name << " key " << bits << " bits, "; |
229 | - |
230 | - /* Signature algorithm */ |
231 | - err = gnutls_x509_crt_get_signature_algorithm(cert); |
232 | - if (err < 0) { |
233 | - ss << "unknown signature algorithm (" << gnutls_strerror(err) |
234 | - << "), "; |
235 | - } else { |
236 | - const char *name; |
237 | - name = gnutls_sign_algorithm_get_name((gnutls_sign_algorithm_t)err); |
238 | - if (name == NULL) |
239 | - name = "Unknown"; |
240 | - |
241 | - ss << "signed using " << name; |
242 | - if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2) |
243 | - ss << " (broken!)"; |
244 | - ss << ", "; |
245 | - } |
246 | - |
247 | - /* Validity */ |
248 | - time_t tim; |
249 | - char s[42]; |
250 | - size_t max = sizeof(s); |
251 | - struct tm t; |
252 | - |
253 | - tim = gnutls_x509_crt_get_activation_time(cert); |
254 | - if (gmtime_r(&tim, &t) == NULL) |
255 | - ss << "unknown activation (" << (unsigned long) tim << ")"; |
256 | - else if (strftime(s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) |
257 | - ss << "failed activation (" << (unsigned long) tim << ")"; |
258 | - else |
259 | - ss << "activated `" << s << "'"; |
260 | - ss << ", "; |
261 | - |
262 | - tim = gnutls_x509_crt_get_expiration_time(cert); |
263 | - if (gmtime_r(&tim, &t) == NULL) |
264 | - ss << "unknown expiry (" << (unsigned long) tim << ")"; |
265 | - else if (strftime(s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) |
266 | - ss << "failed expiry (" << (unsigned long) tim << ")"; |
267 | - else |
268 | - ss << "expires `" << s << "'"; |
269 | - ss << ", "; |
270 | - |
271 | - /* Fingerprint */ |
272 | - char buffer[20]; |
273 | - size_t size = sizeof(buffer); |
274 | - |
275 | - err = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, buffer, &size); |
276 | - if (err < 0) |
277 | - ss << "unknown fingerprint (" << gnutls_strerror(err) << ")"; |
278 | - else { |
279 | - ss << "SHA-1 fingerprint `"; |
280 | - hexprint(ss, buffer, size); |
281 | - ss << "'"; |
282 | - } |
283 | - |
284 | - out->data = (unsigned char *) strdup(ss.str().c_str()); |
285 | - if (out->data == NULL) |
286 | - return GNUTLS_E_MEMORY_ERROR; |
287 | - out->size = strlen((char *)out->data); |
288 | - |
289 | - return 0; |
290 | -} |
291 | - |
292 | -#endif /* HAVE_GNUTLS_X509_CRT_PRINT */ |
293 | - |
294 | -#endif /* HAVE_GNUTLS */ |
295 | - |
296 | diff --git a/common/os/tls.h b/common/os/tls.h |
297 | deleted file mode 100644 |
298 | index 6920bb0..0000000 |
299 | --- a/common/os/tls.h |
300 | +++ /dev/null |
301 | @@ -1,59 +0,0 @@ |
302 | -/* Copyright (C) 2011 TightVNC Team. All Rights Reserved. |
303 | - * |
304 | - * This is free software; you can redistribute it and/or modify |
305 | - * it under the terms of the GNU General Public License as published by |
306 | - * the Free Software Foundation; either version 2 of the License, or |
307 | - * (at your option) any later version. |
308 | - * |
309 | - * This software is distributed in the hope that it will be useful, |
310 | - * but WITHOUT ANY WARRANTY; without even the implied warranty of |
311 | - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
312 | - * GNU General Public License for more details. |
313 | - * |
314 | - * You should have received a copy of the GNU General Public License |
315 | - * along with this software; if not, write to the Free Software |
316 | - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
317 | - * USA. |
318 | - */ |
319 | - |
320 | -#ifndef OS_TLS_H |
321 | -#define OS_TLS_H |
322 | - |
323 | -#ifdef HAVE_CONFIG_H |
324 | -#include <config.h> |
325 | -#endif |
326 | - |
327 | -#if defined(HAVE_GNUTLS) |
328 | -#include <gnutls/gnutls.h> |
329 | - |
330 | -#ifndef HAVE_GNUTLS_DATUM_T |
331 | -typedef gnutls_datum gnutls_datum_t; |
332 | -#endif |
333 | -#ifndef HAVE_GNUTLS_X509_CRT_T |
334 | -typedef gnutls_x509_crt gnutls_x509_crt_t; |
335 | -#endif |
336 | -#ifndef HAVE_GNUTLS_PK_ALGORITHM_T |
337 | -typedef gnutls_pk_algorithm gnutls_pk_algorithm_t; |
338 | -#endif |
339 | -#ifndef HAVE_GNUTLS_SIGN_ALGORITHM_T |
340 | -typedef gnutls_sign_algorithm gnutls_sign_algorithm_t; |
341 | -#endif |
342 | - |
343 | -#ifndef HAVE_GNUTLS_X509_CRT_PRINT |
344 | - |
345 | -typedef enum { |
346 | - GNUTLS_CRT_PRINT_ONELINE = 1 |
347 | -} gnutls_certificate_print_formats_t; |
348 | - |
349 | -/* |
350 | - * Prints certificate in human-readable form. |
351 | - */ |
352 | -int |
353 | -gnutls_x509_crt_print(gnutls_x509_crt_t cert, |
354 | - gnutls_certificate_print_formats_t format, |
355 | - gnutls_datum_t * out); |
356 | -#endif /* HAVE_GNUTLS_X509_CRT_PRINT */ |
357 | -#endif /* HAVE_GNUTLS */ |
358 | - |
359 | -#endif /* OS_TLS_H */ |
360 | - |
361 | diff --git a/common/rdr/TLSErrno.h b/common/rdr/TLSErrno.h |
362 | deleted file mode 100644 |
363 | index c2ff023..0000000 |
364 | --- a/common/rdr/TLSErrno.h |
365 | +++ /dev/null |
366 | @@ -1,46 +0,0 @@ |
367 | -/* Copyright (C) 2012 Pierre Ossman for Cendio AB |
368 | - * |
369 | - * This is free software; you can redistribute it and/or modify |
370 | - * it under the terms of the GNU General Public License as published by |
371 | - * the Free Software Foundation; either version 2 of the License, or |
372 | - * (at your option) any later version. |
373 | - * |
374 | - * This software is distributed in the hope that it will be useful, |
375 | - * but WITHOUT ANY WARRANTY; without even the implied warranty of |
376 | - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
377 | - * GNU General Public License for more details. |
378 | - * |
379 | - * You should have received a copy of the GNU General Public License |
380 | - * along with this software; if not, write to the Free Software |
381 | - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
382 | - * USA. |
383 | - */ |
384 | - |
385 | -#ifndef __RDR_TLSERRNO_H__ |
386 | -#define __RDR_TLSERRNO_H__ |
387 | - |
388 | -#ifdef HAVE_CONFIG_H |
389 | -#include <config.h> |
390 | -#endif |
391 | - |
392 | -#ifdef HAVE_GNUTLS |
393 | - |
394 | -#include <errno.h> |
395 | - |
396 | -namespace rdr { |
397 | - |
398 | - static inline void gnutls_errno_helper(gnutls_session session, int _errno) |
399 | - { |
400 | -#if defined(HAVE_GNUTLS_SET_ERRNO) |
401 | - gnutls_transport_set_errno(session, _errno); |
402 | -#elif defined(HAVE_GNUTLS_SET_GLOBAL_ERRNO) |
403 | - gnutls_transport_set_global_errno(_errno); |
404 | -#else |
405 | - errno = _errno; |
406 | -#endif |
407 | - } |
408 | -}; |
409 | - |
410 | -#endif |
411 | - |
412 | -#endif |
413 | diff --git a/common/rdr/TLSInStream.cxx b/common/rdr/TLSInStream.cxx |
414 | index 4d2c9ec..ef030c1 100644 |
415 | --- a/common/rdr/TLSInStream.cxx |
416 | +++ b/common/rdr/TLSInStream.cxx |
417 | @@ -25,7 +25,6 @@ |
418 | #include <rdr/Exception.h> |
419 | #include <rdr/TLSException.h> |
420 | #include <rdr/TLSInStream.h> |
421 | -#include <rdr/TLSErrno.h> |
422 | #include <errno.h> |
423 | |
424 | #ifdef HAVE_GNUTLS |
425 | @@ -33,14 +32,14 @@ using namespace rdr; |
426 | |
427 | enum { DEFAULT_BUF_SIZE = 16384 }; |
428 | |
429 | -ssize_t TLSInStream::pull(gnutls_transport_ptr str, void* data, size_t size) |
430 | +ssize_t TLSInStream::pull(gnutls_transport_ptr_t str, void* data, size_t size) |
431 | { |
432 | TLSInStream* self= (TLSInStream*) str; |
433 | InStream *in = self->in; |
434 | |
435 | try { |
436 | if (!in->check(1, 1, false)) { |
437 | - gnutls_errno_helper(self->session, EAGAIN); |
438 | + gnutls_transport_set_errno(self->session, EAGAIN); |
439 | return -1; |
440 | } |
441 | |
442 | @@ -50,17 +49,17 @@ ssize_t TLSInStream::pull(gnutls_transport_ptr str, void* data, size_t size) |
443 | in->readBytes(data, size); |
444 | |
445 | } catch (Exception& e) { |
446 | - gnutls_errno_helper(self->session, EINVAL); |
447 | + gnutls_transport_set_errno(self->session, EINVAL); |
448 | return -1; |
449 | } |
450 | |
451 | return size; |
452 | } |
453 | |
454 | -TLSInStream::TLSInStream(InStream* _in, gnutls_session _session) |
455 | +TLSInStream::TLSInStream(InStream* _in, gnutls_session_t _session) |
456 | : session(_session), in(_in), bufSize(DEFAULT_BUF_SIZE), offset(0) |
457 | { |
458 | - gnutls_transport_ptr recv, send; |
459 | + gnutls_transport_ptr_t recv, send; |
460 | |
461 | ptr = end = start = new U8[bufSize]; |
462 | |
463 | diff --git a/common/rdr/TLSInStream.h b/common/rdr/TLSInStream.h |
464 | index 65a783c..b16d9f5 100644 |
465 | --- a/common/rdr/TLSInStream.h |
466 | +++ b/common/rdr/TLSInStream.h |
467 | @@ -33,7 +33,7 @@ namespace rdr { |
468 | |
469 | class TLSInStream : public InStream { |
470 | public: |
471 | - TLSInStream(InStream* in, gnutls_session session); |
472 | + TLSInStream(InStream* in, gnutls_session_t session); |
473 | virtual ~TLSInStream(); |
474 | |
475 | int pos(); |
476 | @@ -41,9 +41,9 @@ namespace rdr { |
477 | private: |
478 | int overrun(int itemSize, int nItems, bool wait); |
479 | int readTLS(U8* buf, int len, bool wait); |
480 | - static ssize_t pull(gnutls_transport_ptr str, void* data, size_t size); |
481 | + static ssize_t pull(gnutls_transport_ptr_t str, void* data, size_t size); |
482 | |
483 | - gnutls_session session; |
484 | + gnutls_session_t session; |
485 | InStream* in; |
486 | int bufSize; |
487 | int offset; |
488 | diff --git a/common/rdr/TLSOutStream.cxx b/common/rdr/TLSOutStream.cxx |
489 | index ef32d7d..44d2d9f 100644 |
490 | --- a/common/rdr/TLSOutStream.cxx |
491 | +++ b/common/rdr/TLSOutStream.cxx |
492 | @@ -25,7 +25,6 @@ |
493 | #include <rdr/Exception.h> |
494 | #include <rdr/TLSException.h> |
495 | #include <rdr/TLSOutStream.h> |
496 | -#include <rdr/TLSErrno.h> |
497 | #include <errno.h> |
498 | |
499 | #ifdef HAVE_GNUTLS |
500 | @@ -33,7 +32,7 @@ using namespace rdr; |
501 | |
502 | enum { DEFAULT_BUF_SIZE = 16384 }; |
503 | |
504 | -ssize_t TLSOutStream::push(gnutls_transport_ptr str, const void* data, |
505 | +ssize_t TLSOutStream::push(gnutls_transport_ptr_t str, const void* data, |
506 | size_t size) |
507 | { |
508 | TLSOutStream* self= (TLSOutStream*) str; |
509 | @@ -43,17 +42,17 @@ ssize_t TLSOutStream::push(gnutls_transport_ptr str, const void* data, |
510 | out->writeBytes(data, size); |
511 | out->flush(); |
512 | } catch (Exception& e) { |
513 | - gnutls_errno_helper(self->session, EINVAL); |
514 | + gnutls_transport_set_errno(self->session, EINVAL); |
515 | return -1; |
516 | } |
517 | |
518 | return size; |
519 | } |
520 | |
521 | -TLSOutStream::TLSOutStream(OutStream* _out, gnutls_session _session) |
522 | +TLSOutStream::TLSOutStream(OutStream* _out, gnutls_session_t _session) |
523 | : session(_session), out(_out), bufSize(DEFAULT_BUF_SIZE), offset(0) |
524 | { |
525 | - gnutls_transport_ptr recv, send; |
526 | + gnutls_transport_ptr_t recv, send; |
527 | |
528 | ptr = start = new U8[bufSize]; |
529 | end = start + bufSize; |
530 | diff --git a/common/rdr/TLSOutStream.h b/common/rdr/TLSOutStream.h |
531 | index a291f42..81dd237 100644 |
532 | --- a/common/rdr/TLSOutStream.h |
533 | +++ b/common/rdr/TLSOutStream.h |
534 | @@ -32,7 +32,7 @@ namespace rdr { |
535 | |
536 | class TLSOutStream : public OutStream { |
537 | public: |
538 | - TLSOutStream(OutStream* out, gnutls_session session); |
539 | + TLSOutStream(OutStream* out, gnutls_session_t session); |
540 | virtual ~TLSOutStream(); |
541 | |
542 | void flush(); |
543 | @@ -43,9 +43,9 @@ namespace rdr { |
544 | |
545 | private: |
546 | int writeTLS(const U8* data, int length); |
547 | - static ssize_t push(gnutls_transport_ptr str, const void* data, size_t size); |
548 | + static ssize_t push(gnutls_transport_ptr_t str, const void* data, size_t size); |
549 | |
550 | - gnutls_session session; |
551 | + gnutls_session_t session; |
552 | OutStream* out; |
553 | int bufSize; |
554 | U8* start; |
555 | diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx |
556 | index 222748c..9b29213 100644 |
557 | --- a/common/rfb/CSecurityTLS.cxx |
558 | +++ b/common/rfb/CSecurityTLS.cxx |
559 | @@ -42,7 +42,6 @@ |
560 | #include <rdr/TLSInStream.h> |
561 | #include <rdr/TLSOutStream.h> |
562 | #include <os/os.h> |
563 | -#include <os/tls.h> |
564 | |
565 | #include <gnutls/x509.h> |
566 | |
567 | @@ -202,13 +201,19 @@ bool CSecurityTLS::processMsg(CConnection* cc) |
568 | |
569 | void CSecurityTLS::setParam() |
570 | { |
571 | - static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 }; |
572 | - static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, |
573 | - GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; |
574 | + static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH"; |
575 | + static const char kx_priority[] = "NORMAL"; |
576 | + |
577 | + int ret; |
578 | + const char *err; |
579 | |
580 | if (anon) { |
581 | - if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS) |
582 | - throw AuthFailureException("gnutls_kx_set_priority failed"); |
583 | + ret = gnutls_priority_set_direct(session, kx_anon_priority, &err); |
584 | + if (ret != GNUTLS_E_SUCCESS) { |
585 | + if (ret == GNUTLS_E_INVALID_REQUEST) |
586 | + vlog.error("GnuTLS priority syntax error at: %s", err); |
587 | + throw AuthFailureException("gnutls_set_priority_direct failed"); |
588 | + } |
589 | |
590 | if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS) |
591 | throw AuthFailureException("gnutls_anon_allocate_client_credentials failed"); |
592 | @@ -218,8 +223,12 @@ void CSecurityTLS::setParam() |
593 | |
594 | vlog.debug("Anonymous session has been set"); |
595 | } else { |
596 | - if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS) |
597 | - throw AuthFailureException("gnutls_kx_set_priority failed"); |
598 | + ret = gnutls_priority_set_direct(session, kx_priority, &err); |
599 | + if (ret != GNUTLS_E_SUCCESS) { |
600 | + if (ret == GNUTLS_E_INVALID_REQUEST) |
601 | + vlog.error("GnuTLS priority syntax error at: %s", err); |
602 | + throw AuthFailureException("gnutls_set_priority_direct failed"); |
603 | + } |
604 | |
605 | if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS) |
606 | throw AuthFailureException("gnutls_certificate_allocate_credentials failed"); |
607 | @@ -259,10 +268,10 @@ void CSecurityTLS::checkSession() |
608 | GNUTLS_CERT_SIGNER_NOT_FOUND | |
609 | GNUTLS_CERT_SIGNER_NOT_CA; |
610 | unsigned int status; |
611 | - const gnutls_datum *cert_list; |
612 | + const gnutls_datum_t *cert_list; |
613 | unsigned int cert_list_size = 0; |
614 | int err; |
615 | - gnutls_datum info; |
616 | + gnutls_datum_t info; |
617 | |
618 | if (anon) |
619 | return; |
620 | @@ -298,7 +307,7 @@ void CSecurityTLS::checkSession() |
621 | throw AuthFailureException("empty certificate chain"); |
622 | |
623 | /* Process only server's certificate, not issuer's certificate */ |
624 | - gnutls_x509_crt crt; |
625 | + gnutls_x509_crt_t crt; |
626 | gnutls_x509_crt_init(&crt); |
627 | |
628 | if (gnutls_x509_crt_import(crt, &cert_list[0], GNUTLS_X509_FMT_DER) < 0) |
629 | diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h |
630 | index f5f10e4..b147d80 100644 |
631 | --- a/common/rfb/CSecurityTLS.h |
632 | +++ b/common/rfb/CSecurityTLS.h |
633 | @@ -64,9 +64,9 @@ namespace rfb { |
634 | private: |
635 | static void initGlobal(); |
636 | |
637 | - gnutls_session session; |
638 | - gnutls_anon_client_credentials anon_cred; |
639 | - gnutls_certificate_credentials cert_cred; |
640 | + gnutls_session_t session; |
641 | + gnutls_anon_client_credentials_t anon_cred; |
642 | + gnutls_certificate_credentials_t cert_cred; |
643 | bool anon; |
644 | |
645 | char *cafile, *crlfile; |
646 | diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx |
647 | index d4e88d7..88145e8 100644 |
648 | --- a/common/rfb/SSecurityTLS.cxx |
649 | +++ b/common/rfb/SSecurityTLS.cxx |
650 | @@ -164,15 +164,22 @@ bool SSecurityTLS::processMsg(SConnection *sc) |
651 | return true; |
652 | } |
653 | |
654 | -void SSecurityTLS::setParams(gnutls_session session) |
655 | +void SSecurityTLS::setParams(gnutls_session_t session) |
656 | { |
657 | - static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 }; |
658 | - static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, |
659 | - GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; |
660 | - |
661 | - if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority) |
662 | - != GNUTLS_E_SUCCESS) |
663 | - throw AuthFailureException("gnutls_kx_set_priority failed"); |
664 | + static const char kx_anon_priority[] = "NORMAL:+ANON-ECDH:+ANON-DH"; |
665 | + static const char kx_priority[] = "NORMAL"; |
666 | + |
667 | + int ret; |
668 | + const char *err; |
669 | + |
670 | + ret = gnutls_priority_set_direct(session, |
671 | + anon ? kx_anon_priority : kx_priority, |
672 | + &err); |
673 | + if (ret != GNUTLS_E_SUCCESS) { |
674 | + if (ret == GNUTLS_E_INVALID_REQUEST) |
675 | + vlog.error("GnuTLS priority syntax error at: %s", err); |
676 | + throw AuthFailureException("gnutls_set_priority_direct failed"); |
677 | + } |
678 | |
679 | if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS) |
680 | throw AuthFailureException("gnutls_dh_params_init failed"); |
681 | diff --git a/common/rfb/SSecurityTLS.h b/common/rfb/SSecurityTLS.h |
682 | index 4eebc7e..a793205 100644 |
683 | --- a/common/rfb/SSecurityTLS.h |
684 | +++ b/common/rfb/SSecurityTLS.h |
685 | @@ -51,15 +51,15 @@ namespace rfb { |
686 | |
687 | protected: |
688 | void shutdown(); |
689 | - void setParams(gnutls_session session); |
690 | + void setParams(gnutls_session_t session); |
691 | |
692 | private: |
693 | static void initGlobal(); |
694 | |
695 | - gnutls_session session; |
696 | - gnutls_dh_params dh_params; |
697 | - gnutls_anon_server_credentials anon_cred; |
698 | - gnutls_certificate_credentials cert_cred; |
699 | + gnutls_session_t session; |
700 | + gnutls_dh_params_t dh_params; |
701 | + gnutls_anon_server_credentials_t anon_cred; |
702 | + gnutls_certificate_credentials_t cert_cred; |
703 | char *keyfile, *certfile; |
704 | |
705 | int type; |
706 | diff --git a/config.h.in b/config.h.in |
707 | index 7728b4a..fb697fa 100644 |
708 | --- a/config.h.in |
709 | +++ b/config.h.in |
710 | @@ -3,13 +3,6 @@ |
711 | |
712 | #cmakedefine HAVE_INET_ATON |
713 | #cmakedefine HAVE_GETADDRINFO |
714 | -#cmakedefine HAVE_GNUTLS_SET_GLOBAL_ERRNO |
715 | -#cmakedefine HAVE_GNUTLS_SET_ERRNO |
716 | -#cmakedefine HAVE_GNUTLS_X509_CRT_PRINT |
717 | -#cmakedefine HAVE_GNUTLS_X509_CRT_T |
718 | -#cmakedefine HAVE_GNUTLS_DATUM_T |
719 | -#cmakedefine HAVE_GNUTLS_PK_ALGORITHM_T |
720 | -#cmakedefine HAVE_GNUTLS_SIGN_ALGORITHM_T |
721 | #cmakedefine HAVE_FLTK_CLIPBOARD |
722 | #cmakedefine HAVE_FLTK_MEDIAKEYS |
723 | #cmakedefine HAVE_FLTK_FULLSCREEN |
724 | -- |
725 | 2.3.5 |
726 |