On Mon, 23 Jan 2012, Daniel Stenberg wrote:
We only had a total of 210 commits in curl between 7.22.0 and 7.23.0 so bisecting shouldn't be too time consuming if the procedure to get the bug to appear isn't too slow.
Ok, so my bisecting identified the attached commit as the offender. If I revert this change the libmicrohttpd test seems to run correctly again.
I would appreciate if someone else helped me verify this. If it indeed is so, then I would appreciate a comment from someone fluent in the GnuTLS API who can tell me why this change is wrong! The change was an attempt to stop using the GnuTLS deprecated API.
-- / daniel.haxx.se
commit a873b95c21700e8e75db7e62b5ac5ef8fc8c9b03 Author: Daniel Stenberg <[email protected]> Date: Wed Nov 2 22:44:22 2011 +0100 gtls_connect_step1: remove use of deprecated functions Use gnutls_priority_set_direct() instead of gnutls_protocol_set_priority(). Remove the gnutls_certificate_type_set_priority() use since x509 is the default certificate type anyway. Reported by: Vincent Torri diff --git a/lib/gtls.c b/lib/gtls.c index c1e9cae..ed79313 100644 --- a/lib/gtls.c +++ b/lib/gtls.c @@ -82,6 +82,7 @@ static bool gtls_inited = FALSE; # if (GNUTLS_VERSION_NUMBER >= 0x020c00) # undef gnutls_transport_set_lowat # define gnutls_transport_set_lowat(A,B) Curl_nop_stmt +# define USE_GNUTLS_PRIORITY_SET_DIRECT 1 # endif # if (GNUTLS_VERSION_NUMBER >= 0x020c03) # undef gnutls_transport_set_global_errno @@ -320,7 +321,9 @@ static CURLcode gtls_connect_step1(struct connectdata *conn, int sockindex) { +#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; +#endif struct SessionHandle *data = conn->data; gnutls_session session; int rc; 
@@ -440,18 +443,26 @@ gtls_connect_step1(struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) { +#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT static const int protocol_priority[] = { GNUTLS_SSL3, 0 }; - gnutls_protocol_set_priority(session, protocol_priority); + rc = gnutls_protocol_set_priority(session, protocol_priority); +#else + const char *err; + rc = gnutls_priority_set_direct(session, "-VERS-TLS-ALL:+VERS-SSL3.0", + &err); +#endif if(rc != GNUTLS_E_SUCCESS) return CURLE_SSL_CONNECT_ERROR; } +#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT /* Sets the priority on the certificate types supported by gnutls. Priority is higher for types specified before others. After specifying the types you want, you must append a 0. */ rc = gnutls_certificate_type_set_priority(session, cert_type_priority); if(rc != GNUTLS_E_SUCCESS) return CURLE_SSL_CONNECT_ERROR; +#endif if(data->set.str[STRING_CERT]) { if(gnutls_certificate_set_x509_key_file(
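Review bot: In the first hunk (@@ -82), USE_GNUTLS_PRIORITY_SET_DIRECT is defined inside the GNUTLS_VERSION_NUMBER >= 0x020c00 block that exists for the gnutls_transport_set_lowat workaround, and nothing says why the priority-string API is tied to that version. Give the define its own #if with the version the priority API actually requires, plus a one-line comment, so the two conditions can change independently and the code path in use for a given GnuTLS version is obvious when bisecting.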
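Review bot: In the third hunk (@@ -440), the string passed to gnutls_priority_set_direct(), "-VERS-TLS-ALL:+VERS-SSL3.0", contains only protocol-version directives and no base keyword such as NORMAL. gnutls_priority_set_direct() sets the session's whole priority configuration, while the gnutls_protocol_set_priority() call it replaces only changed the protocol list, so nothing in this string enables cipher suites, key exchange or MAC algorithms for the SSLv3-only case. Suggest "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0". Also, err is written by the call but never read; logging the offending position before returning CURLE_SSL_CONNECT_ERROR would make a rejected priority string diagnosable.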
