On 2015-04-18 Andreas Metzler <[email protected]> wrote:
> Package: libiksemel
> Version: 1.4-2
> Severity: normal
> User: [email protected]
> Usertags: gnutls34
> Hello,
> the package FTBFS against the recently released GnuTLS 3.4.0:
[...]
> ../src/.libs/libiksemel.so: undefined reference to `gnutls_mac_set_priority'
> ../src/.libs/libiksemel.so: undefined reference to
> `gnutls_protocol_set_priority'
> ../src/.libs/libiksemel.so: undefined reference to `gnutls_kx_set_priority'
> ../src/.libs/libiksemel.so: undefined reference to
> `gnutls_cipher_set_priority'
> ../src/.libs/libiksemel.so: undefined reference to
> `gnutls_compression_set_priority'
[...]
The respective code seems to be this one:
src/tls-gnutls.c
const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_ARCFOUR, 0};
const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
[...]
gnutls_protocol_set_priority (data->sess, protocol_priority);
gnutls_cipher_set_priority(data->sess, cipher_priority);
gnutls_compression_set_priority(data->sess, comp_priority);
gnutls_kx_set_priority(data->sess, kx_priority);
gnutls_mac_set_priority(data->sess, mac_priority);
Is there a good reason for this selection? Enabling SSL3.0 and
disabling TLS1.1 and TLS1.2, allowing MD5 as MAC but not SHA256. etc.
If there is not a very good reason for just move to
gnutls_set_default_priority().
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
