On 2014-11-01 Nye Liu <[email protected]> wrote: > On Sat, Nov 01, 2014 at 01:47:04PM +0100, Andreas Metzler wrote: > > #1 Use gnutls_priority_set_direct(): [...] > You were correct. This is the required change. I have not tried > backing out all of deprecation and warning fixes, but backing out > this change alone causes the problem to come back. [...]
Hello, could you please verify that applying *only* the attached minimal patch on top of 0.4.27-2.2 fixes the bug? I need to come up with a minimal change which is acceptable for a NMU. I will forward the other changes upstream. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Description: Use gnutls_set_default_priority() to get GnuTLS upstream's recommended default values (SSL/TLS versions, ciphers, et al.) instead of setting local defaults using the deprecated gnutls_cipher_set_priority/gnutls_protocol_set_priority/... functions. Author: Andreas Metzler <[email protected]>, Nye Liu <[email protected]> Bug-Debian: https://bugs.debian.org/759259 Origin: vendor Forwarded: no Last-Update: 2014-11-02 --- a/wmbiff/tlsComm.c +++ b/wmbiff/tlsComm.c @@ -553,25 +553,7 @@ struct connection_state *initialize_gnut assert(gnutls_init(&scs->tls_state, GNUTLS_CLIENT) == 0); { - const int protocols[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; - const int ciphers[] = - { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_RIJNDAEL_256_CBC, - GNUTLS_CIPHER_ARCFOUR, 0 - }; - const int compress[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; - const int key_exch[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, - GNUTLS_KX_DHE_RSA, 0 - }; - /* mutt with gnutls doesn't use kx_srp or kx_anon_dh */ - const int mac[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; - assert(gnutls_protocol_set_priority(scs->tls_state, protocols) == - 0); - assert(gnutls_cipher_set_priority(scs->tls_state, ciphers) == 0); - assert(gnutls_compression_set_priority(scs->tls_state, compress) == - 0); - assert(gnutls_kx_set_priority(scs->tls_state, key_exch) == 0); - assert(gnutls_mac_set_priority(scs->tls_state, mac) == 0); + assert(gnutls_set_default_priority(scs->tls_state) == 0); /* no client private key */ if (gnutls_certificate_allocate_credentials(&scs->xcred) < 0) { DMA(DEBUG_ERROR, "gnutls memory error\n");

