wok diff openvas-client/stuff/gnutls.2.2.u @ rev 25064

openvas-libraries, openvas-client: update gnutls calls
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Jun 08 16:46:37 2022 +0000 (23 months ago)
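--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/openvas-client/stuff/gnutls.2.2.u	Wed Jun 08 16:46:37 2022 +0000
@@ -0,0 +1,118 @@
+--- openvas-client-3.0.1/openvas/openvas-client.c
++++ openvas-client-3.0.1/openvas/openvas-client.c
+@@ -466,89 +466,26 @@
+ static void
+ set_gnutls_sslv23 (gnutls_session_t session)
+ {
+-  static int protocol_priority[] = {GNUTLS_TLS1,
+-				    GNUTLS_SSL3,
+-				    0};
+-  static int cipher_priority[] = {GNUTLS_CIPHER_AES_128_CBC,
+-				  GNUTLS_CIPHER_3DES_CBC,
+-				  GNUTLS_CIPHER_AES_256_CBC,
+-				  GNUTLS_CIPHER_ARCFOUR_128,
+-				  0};
+-  static int comp_priority[] = {GNUTLS_COMP_ZLIB,
+-				GNUTLS_COMP_NULL,
+-				0};
+-  static int kx_priority[] = {GNUTLS_KX_DHE_RSA,
+-			      GNUTLS_KX_RSA,
+-			      GNUTLS_KX_DHE_DSS,
+-			      0};
+-  static int mac_priority[] = {GNUTLS_MAC_SHA1,
+-			       GNUTLS_MAC_MD5,
+-			       0};
+-
+-  gnutls_protocol_set_priority(session, protocol_priority);
+-  gnutls_cipher_set_priority(session, cipher_priority);
+-  gnutls_compression_set_priority(session, comp_priority);
+-  gnutls_kx_set_priority (session, kx_priority);
+-  gnutls_mac_set_priority(session, mac_priority);
++  // gnutls 2.2.0+
++  return gnutls_priority_set_direct(session, 
++	"NONE:+VERS-TLS1:+VERS-SSL3:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
+ }
+ 
+ 
+ static void
+ set_gnutls_sslv3(gnutls_session_t session)
+ {
+-  static int protocol_priority[] = {GNUTLS_SSL3,
+-				    0};
+-  static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC,
+-				  GNUTLS_CIPHER_ARCFOUR_128,
+-				  0};
+-  static int comp_priority[] = {GNUTLS_COMP_ZLIB,
+-				GNUTLS_COMP_NULL,
+-				0};
+-
+-  static int kx_priority[] = {GNUTLS_KX_DHE_RSA,
+-			      GNUTLS_KX_RSA,
+-			      GNUTLS_KX_DHE_DSS,
+-			      GNUTLS_KX_ANON_DH,
+-			      0};
+-
+-  static int mac_priority[] = {GNUTLS_MAC_SHA1,
+-			       GNUTLS_MAC_MD5,
+-			       0};
+-
+-  gnutls_protocol_set_priority(session, protocol_priority);
+-  gnutls_cipher_set_priority(session, cipher_priority);
+-  gnutls_compression_set_priority(session, comp_priority);
+-  gnutls_kx_set_priority (session, kx_priority);
+-  gnutls_mac_set_priority(session, mac_priority);
++  // gnutls 2.2.0+
++  return gnutls_priority_set_direct(session, 
++	"NONE:+VERS-SSL3:+3DES_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+ANON_DH:+SHA1:+MD5", NULL);
+ }
+ 
+ static void
+ set_gnutls_tlsv1(gnutls_session_t session)
+ {
+-  static int protocol_priority[] = {GNUTLS_TLS1,
+-				    0};
+-  static int cipher_priority[] = {GNUTLS_CIPHER_AES_128_CBC,
+-				  GNUTLS_CIPHER_3DES_CBC,
+-				  GNUTLS_CIPHER_AES_256_CBC,
+-				  GNUTLS_CIPHER_ARCFOUR_128,
+-				  0};
+-  static int comp_priority[] = {GNUTLS_COMP_ZLIB,
+-				GNUTLS_COMP_NULL,
+-				0};
+-  static int kx_priority[] = {GNUTLS_KX_DHE_RSA,
+-			      GNUTLS_KX_RSA,
+-			      GNUTLS_KX_DHE_DSS,
+-			      GNUTLS_KX_ANON_DH,
+-			      0};
+-  static int mac_priority[] = {GNUTLS_MAC_SHA1,
+-			       GNUTLS_MAC_MD5,
+-			       0};
+-
+-  gnutls_protocol_set_priority(session, protocol_priority);
+-  gnutls_cipher_set_priority(session, cipher_priority);
+-  gnutls_compression_set_priority(session, comp_priority);
+-  gnutls_kx_set_priority (session, kx_priority);
+-  gnutls_mac_set_priority(session, mac_priority);
++  // gnutls 2.2.0+
++  return gnutls_priority_set_direct(session, 
++	"NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+ANON_DH:+SHA1:+MD5", NULL);
+ }
+ 
+ 
+@@ -698,7 +635,6 @@
+ #endif
+   gnutls_session_t ssl = NULL;
+   gnutls_certificate_credentials_t certcred = NULL;
+-  int certprio[2] = { GNUTLS_CRT_X509, 0 };
+ 
+   const char *cert, *key, *client_ca, *trusted_ca, *ssl_ver;
+   int use_client_cert = prefs_get_int(context, "use_client_cert");
+@@ -868,7 +804,7 @@
+ 
+       if(use_client_cert)
+ 	{
+-	  rc = gnutls_certificate_type_set_priority (ssl, certprio);
++	  rc = gnutls_set_default_priority (ssl);
+ 	  if (rc)
+ 	    {
+ 	      gnutls_deinit (ssl);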
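Review bot: The three `set_gnutls_*` helpers are still declared `static void`, yet the added lines do `return gnutls_priority_set_direct(...)`, which is a constraint violation that compilers diagnose and which discards the result, so a priority string rejected by the linked GnuTLS would go unnoticed and the session would not carry the intended configuration. Declare the helpers `static int` and have the caller test the result, reporting `gnutls_strerror(rc)` on failure. This matters because the strings spell tokens with underscores (`+AES_128_CBC`, `+DHE_RSA`) where the GnuTLS documentation uses hyphens (`+AES-128-CBC`, `+DHE-RSA`); I have not confirmed that the parser accepts the underscore form. The strings also keep SSL3, ARCFOUR, MD5, zlib compression and `ANON_DH` (no server authentication) enabled, inherited from the removed arrays but worth dropping where the peer allows it. In the last hunk, `gnutls_set_default_priority (ssl)` is not a like-for-like replacement for the certificate-type call: if it runs after the helper (the ordering lies outside the hunk) it replaces the whole priority set, whereas appending `:+CTYPE-X509` to the strings would keep the original intent.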