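--- openvas-client-3.0.1/openvas/openvas-client.c
+++ openvas-client-3.0.1/openvas/openvas-client.c
@@ -466,89 +466,26 @@
 static void
 set_gnutls_sslv23 (gnutls_session_t session)
 {
- static int protocol_priority[] = {GNUTLS_TLS1,
- GNUTLS_SSL3,
- 0};
- static int cipher_priority[] = {GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0};
- static int comp_priority[] = {GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0};
- static int kx_priority[] = {GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0};
- static int mac_priority[] = {GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0};
-
- gnutls_protocol_set_priority(session, protocol_priority);
- gnutls_cipher_set_priority(session, cipher_priority);
- gnutls_compression_set_priority(session, comp_priority);
- gnutls_kx_set_priority (session, kx_priority);
- gnutls_mac_set_priority(session, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1:+VERS-SSL3:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
 }
 
 
 static void
 set_gnutls_sslv3(gnutls_session_t session)
 {
- static int protocol_priority[] = {GNUTLS_SSL3,
- 0};
- static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0};
- static int comp_priority[] = {GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0};
-
- static int kx_priority[] = {GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_KX_ANON_DH,
- 0};
-
- static int mac_priority[] = {GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0};
-
- gnutls_protocol_set_priority(session, protocol_priority);
- gnutls_cipher_set_priority(session, cipher_priority);
- gnutls_compression_set_priority(session, comp_priority);
- gnutls_kx_set_priority (session, kx_priority);
- gnutls_mac_set_priority(session, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-SSL3:+3DES_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+ANON_DH:+SHA1:+MD5", NULL);
 }
 
 static void
 set_gnutls_tlsv1(gnutls_session_t session)
 {
- static int protocol_priority[] = {GNUTLS_TLS1,
- 0};
- static int cipher_priority[] = {GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0};
- static int comp_priority[] = {GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0};
- static int kx_priority[] = {GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_KX_ANON_DH,
- 0};
- static int mac_priority[] = {GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0};
-
- gnutls_protocol_set_priority(session, protocol_priority);
- gnutls_cipher_set_priority(session, cipher_priority);
- gnutls_compression_set_priority(session, comp_priority);
- gnutls_kx_set_priority (session, kx_priority);
- gnutls_mac_set_priority(session, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+ANON_DH:+SHA1:+MD5", NULL);
 }
 
 
@@ -698,7 +635,6 @@
 #endif
 gnutls_session_t ssl = NULL;
 gnutls_certificate_credentials_t certcred = NULL;
- int certprio[2] = { GNUTLS_CRT_X509, 0 };
 
 const char *cert, *key, *client_ca, *trusted_ca, *ssl_ver;
 int use_client_cert = prefs_get_int(context, "use_client_cert");
@@ -868,7 +804,7 @@
 
 if(use_client_cert)
 {
- rc = gnutls_certificate_type_set_priority (ssl, certprio);
+ rc = gnutls_set_default_priority (ssl);
 if (rc)
 {
 gnutls_deinit (ssl);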
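Review bot: The three setters in the first hunk (set_gnutls_sslv23, set_gnutls_sslv3, set_gnutls_tlsv1) are still declared `static void` but now end in `return gnutls_priority_set_direct(...)`, so a value is returned from a void function and the GnuTLS error code never reaches the caller. Declaring each one `static int` and checking the result at the call site (which lies outside these hunks) would surface a rejected priority string instead of carrying on with a session whose priorities were not applied. That matters here because the strings carry over SSL3, ARCFOUR_128, MD5, COMP_ZLIB and, in the sslv3 and tlsv1 variants, ANON_DH from the old arrays, and a GnuTLS build that no longer recognises one of those tokens would presumably fail the whole call. Separately, in the last hunk `gnutls_set_default_priority (ssl)` is not a like-for-like replacement for the certificate-type call: if it runs after one of these setters it would replace the priorities they configured, which should be confirmed against the surrounding code.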