[Lynx-dev] Lynx 2.8.9dev.8 doesn't build against GnuTLS 3.4.x: gnutls_protocol_set_priority removed

Sat, 23 Jan 2016 11:43:25 -0800 

Hi,

GnuTLS 3.4.8 arrived in Debian Unstable and Lynx no more builds since
then. Reason is the usage of gnutls_protocol_set_priority in
src/tidy_tls.c as gnutls_protocol_set_priority has been removed from
GnuTLS since 3.4.0.

It only seems to be used for cipher/protocol removal in Lynx, so the
following patch makes it build again.

Nevertheless,

* I'm not sure if the changed code paths are really used in my
  environment, and

* I'm quite sure that this patch is probably not suitable for general
  inclusion as it is probably GnuTLS-specific and also doesn't take
  into account that others might build Lynx against older versions of
  GnuTLS.

So you likely need to adapt that patch to be more suited for upstream
usage.

Index: lynx/src/tidy_tls.c
===================================================================
--- lynx.orig/src/tidy_tls.c    2015-12-21 10:11:11.719618478 +0100
+++ lynx/src/tidy_tls.c 2016-01-23 20:01:04.100447994 +0100
@@ -262,27 +262,6 @@
     ctx->verify_callback = verify_callback;
 }
 
-static void RemoveProtocol(SSL * ssl, int protocol)
-{
-    int j, k;
-    int changed = 0;
-    int *protocols = ssl->ctx->method->priority.protocol;
-
-    for (j = k = 0; j < GNUTLS_MAX_ALGORITHM_NUM;) {
-       if (protocols[k] == protocol) {
-           if (++k >= GNUTLS_MAX_ALGORITHM_NUM)
-               break;
-           changed = 1;
-       } else {
-           protocols[j++] = protocols[k++];
-       }
-    }
-
-    if (changed) {
-       gnutls_protocol_set_priority(ssl->gnutls_state, protocols);
-    }
-}
-
 /*
  * Initiate the TLS/SSL handshake with an TLS/SSL server.
  */
@@ -294,9 +273,7 @@
     const char *aname;
 
     if (ssl->options & SSL_OP_NO_TLSv1)
-       RemoveProtocol(ssl, GNUTLS_TLS1);
-    if (ssl->options & SSL_OP_NO_SSLv3)
-       RemoveProtocol(ssl, GNUTLS_SSL3);
+       gnutls_priority_set(ssl->gnutls_state, "VERS-TLS1.0!");
 
     while ((rc = gnutls_handshake(ssl->gnutls_state)) < 0 &&
           !gnutls_error_is_fatal(rc)) {

                Kind regards, Axel
-- 
/~\  Plain Text Ribbon Campaign                   | Axel Beckert
\ /  Say No to HTML in E-Mail and News            | [email protected]  (Mail)
 X   See http://www.nonhtmlmail.org/campaign.html | [email protected] (Mail+Jabber)
/ \  I love long mails: http://email.is-not-s.ms/ | http://abe.noone.org/ (Web)

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Lynx-dev mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/lynx-dev

Reply via email to