------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1095 Summary: Uses (soon to be) deprecated GnuTLS functions Product: Exim Version: 4.75 RC1 Platform: Other OS/Version: Linux Status: NEW Severity: bug Priority: medium Component: TLS AssignedTo: [email protected] ReportedBy: [email protected] CC: [email protected] Building exim against GnuTLS 2.11.7 ("Consider that a release candidate for 2.12.0") yields the following warnings: ------------------------------ tls-gnu.c: In function 'verify_certificate': tls-gnu.c:237:3: warning: 'gnutls_certificate_verify_peers' is deprecated (declared at /usr/include/gnutls/compat.h:325) In file included from tls.c:84:0: tls-gnu.c: In function 'tls_session_init': tls-gnu.c:775:1: warning: 'gnutls_cipher_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:330) tls-gnu.c:776:1: warning: 'gnutls_compression_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:334) tls-gnu.c:777:1: warning: 'gnutls_kx_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:337) tls-gnu.c:778:1: warning: 'gnutls_protocol_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:339) tls-gnu.c:779:1: warning: 'gnutls_mac_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:332) ------------------------------ gnutls_certificate_verify_peers is superseded by gnutls_certificate_verify_peers2 (available since 1.2, 2005-01-27). The fix should not be too painful. Replacing the *_set_priority stuff is going to be harder. They are exposed to the user via gnutls_require_kx, gnutls_require_mac, gnutls_require_protocols and tls_require_ciphers. The successor functions to these are the gnutls_priority_* ones. (Added in 2.2.0 2007-12-14) They accept a combined priority string (e.g. "NORMAL" or "SECURE:-VERS-SSL3.0:+COMP-DEFLATE"). I guess on the exim side something like this needs to happen: * Continue to accept the gnutls_require_* settings but ignore them. * Either update or drop the GnuLS mapping in tls_require_ciphers. * Add a gnutls_priority setting. This is not very, very urgent but also not a item of a far set future. I suspect the first stable GnuTLS release that drops these interfaces wlill take at least 8 months (November 2011) to appear. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
