[vino] Do not use deprecated GnuTLS functions, bug 648606



commit 5c7f0f706cfb5443c9361acee9baaabda2149885
Author: David King <amigadave amigadave com>
Date:   Tue Apr 26 17:34:12 2011 +0200

    Do not use deprecated GnuTLS functions, bug 648606
    
    Bump the GnuTLS version check to 2.2.0 from 1.0.0. Use
    gnutls_priority_set_direct() rather than gnutls_kx_set_priority() to set
    the key exchange algorithm.

 configure.ac               |    2 +-
 server/libvncserver/auth.c |    6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index b9b4e5e..8c68b62 100644
--- a/configure.ac
+++ b/configure.ac
@@ -142,7 +142,7 @@ AS_IF([test "x$no_x" = "xyes"],
   [AC_SUBST([X_LIBS], ["$X_PRE_LIBS $X_LIBS -lX11 $X_EXTRA_LIBS"])])
 
 # Check for gnutls
-GNUTLS_DEPS="gnutls >= 1.0.0"
+GNUTLS_DEPS="gnutls >= 2.2.0"
 
 AC_ARG_WITH([gnutls],
   [AS_HELP_STRING([--without-gnutls],
diff --git a/server/libvncserver/auth.c b/server/libvncserver/auth.c
index 6489f4c..cfaed55 100644
--- a/server/libvncserver/auth.c
+++ b/server/libvncserver/auth.c
@@ -64,13 +64,15 @@ rfbAuthCleanupScreen(rfbScreenInfoPtr rfbScreen)
 static rfbBool
 rfbAuthTLSHandshake(rfbClientPtr cl)
 {
-    static const int kx_priority[] = { GNUTLS_KX_ANON_DH, 0 };
+    /* TODO: Perform non-anonymous key exchange to prevent man-in-the-middle
+     * attacks. */
+    static const char kx_priority[] = "NORMAL:+ANON-DH";
     int              err;
     
     gnutls_init(&cl->tlsSession, GNUTLS_SERVER);
 
     gnutls_set_default_priority(cl->tlsSession);
-    gnutls_kx_set_priority(cl->tlsSession, kx_priority);
+    gnutls_priority_set_direct(cl->tlsSession, kx_priority, NULL);
 
     gnutls_credentials_set(cl->tlsSession,
 			   GNUTLS_CRD_ANON,
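Review bot: The added `gnutls_priority_set_direct()` call discards its return value, so a priority string the linked GnuTLS rejects would go unnoticed. In that case the session would keep the defaults from `gnutls_set_default_priority()`, which presumably do not offer anonymous DH, while only `GNUTLS_CRD_ANON` credentials are set, and the failure would surface later as an opaque handshake error. Assign the result to the existing `err` and bail out early, e.g. `err = gnutls_priority_set_direct(cl->tlsSession, kx_priority, NULL);` then `if (err != GNUTLS_E_SUCCESS) return FALSE;`, using whatever error path the rest of rfbAuthTLSHandshake uses, since its body continues outside the hunk. The old array allowed only ANON-DH, whereas `"NORMAL:+ANON-DH"` is a full priority string, so `kx_priority` is now a misleading name and the preceding `gnutls_set_default_priority()` call looks redundant.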


