[vino] Do not use deprecated GnuTLS functions, bug 648606
- From: David King <davidk src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [vino] Do not use deprecated GnuTLS functions, bug 648606
- Date: Tue, 26 Apr 2011 15:37:43 +0000 (UTC)
commit 5c7f0f706cfb5443c9361acee9baaabda2149885
Author: David King <amigadave amigadave com>
Date: Tue Apr 26 17:34:12 2011 +0200
Do not use deprecated GnuTLS functions, bug 648606
Bump the GnuTLS version check to 2.2.0 from 1.0.0. Use
gnutls_priority_set_direct() rather than gnutls_kx_set_priority() to set
the key exchange algorithm.
configure.ac | 2 +-
server/libvncserver/auth.c | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index b9b4e5e..8c68b62 100644
--- a/configure.ac
+++ b/configure.ac
@@ -142,7 +142,7 @@ AS_IF([test "x$no_x" = "xyes"],
[AC_SUBST([X_LIBS], ["$X_PRE_LIBS $X_LIBS -lX11 $X_EXTRA_LIBS"])])
# Check for gnutls
-GNUTLS_DEPS="gnutls >= 1.0.0"
+GNUTLS_DEPS="gnutls >= 2.2.0"
AC_ARG_WITH([gnutls],
[AS_HELP_STRING([--without-gnutls],
diff --git a/server/libvncserver/auth.c b/server/libvncserver/auth.c
index 6489f4c..cfaed55 100644
--- a/server/libvncserver/auth.c
+++ b/server/libvncserver/auth.c
@@ -64,13 +64,15 @@ rfbAuthCleanupScreen(rfbScreenInfoPtr rfbScreen)
static rfbBool
rfbAuthTLSHandshake(rfbClientPtr cl)
{
- static const int kx_priority[] = { GNUTLS_KX_ANON_DH, 0 };
+ /* TODO: Perform non-anonymous key exchange to prevent man-in-the-middle
+ * attacks. */
+ static const char kx_priority[] = "NORMAL:+ANON-DH";
int err;
gnutls_init(&cl->tlsSession, GNUTLS_SERVER);
gnutls_set_default_priority(cl->tlsSession);
- gnutls_kx_set_priority(cl->tlsSession, kx_priority);
+ gnutls_priority_set_direct(cl->tlsSession, kx_priority, NULL);
gnutls_credentials_set(cl->tlsSession,
GNUTLS_CRD_ANON,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]