about summary refs log tree commit diff stats
path: root/src/tidy_tls.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/tidy_tls.c')
-rw-r--r--src/tidy_tls.c141
1 files changed, 3 insertions, 138 deletions
diff --git a/src/tidy_tls.c b/src/tidy_tls.c
index f6dea810..8ebaa6b8 100644
--- a/src/tidy_tls.c
+++ b/src/tidy_tls.c
@@ -1,6 +1,6 @@
 /*
- * $LynxId: tidy_tls.c,v 1.24 2014/11/30 23:28:13 tom Exp $
- * Copyright 2008-2013,2014 Thomas E. Dickey
+ * $LynxId: tidy_tls.c,v 1.27 2015/06/02 00:39:46 tom Exp $
+ * Copyright 2008-2014,2015 Thomas E. Dickey
  * with fix Copyright 2008 by Thomas Viehmann
  *
  * Required libraries:
@@ -19,12 +19,6 @@
 #include <libtasn1.h>		/* ASN1_SUCCESS,etc */
 #include <string.h>
 
-#ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT
-#define USE_SET_DIRECT 1
-#else
-#define USE_SET_DIRECT 0
-#endif
-
 #define typeCalloc(type) (type *) calloc(1, sizeof(type))
 
 static int last_error = 0;
@@ -268,116 +262,6 @@ void SSL_CTX_set_verify(SSL_CTX * ctx, int verify_mode,
     ctx->verify_callback = verify_callback;
 }
 
-#if USE_SET_DIRECT
-/*
- * Functions such as this are normally part of an API; lack of planning makes
- * these necessary in application code.
- */
-#define IdsToString(type, func, ids) \
-	char *result = 0; \
-	size_t need = 8 + strlen(type); \
-	const char *name; \
-	int pass; \
-	int n; \
-	for (pass = 0; pass < 2; ++pass) { \
-	    for (n = 0; n < GNUTLS_MAX_ALGORITHM_NUM; ++n) { \
-		name = 0; \
-		if (ids[n] == 0) \
-		    break; \
-		if ((name = func(ids[n])) != 0) { \
-		    if (pass) { \
-			sprintf(result + strlen(result), ":+%s%s", type, name); \
-		    } else { \
-			need += 4 + strlen(type) + strlen(name); \
-		    } \
-		} \
-	    } \
-	    if (!pass) { \
-		result = malloc(need); \
-		if (!result) \
-		    break; \
-		result[0] = '\0'; \
-	    } \
-	} \
-	CTRACE((tfp, "->%s\n", result)); \
-	return result
-
-/*
- * Given an array of compression id's, convert to string for GNUTLS.
- */
-static char *StringOfCIPHER(int *id_ptr)
-{
-    IdsToString("", gnutls_cipher_get_name, id_ptr);
-}
-
-/*
- * Given an array of compression id's, convert to string for GNUTLS.
- */
-static char *StringOfCOMP(int *id_ptr)
-{
-    IdsToString("COMP-", gnutls_compression_get_name, id_ptr);
-}
-
-/*
- * Given an array of key-exchange id's, convert to string for GNUTLS.
- */
-static char *StringOfKX(int *id_ptr)
-{
-    IdsToString("", gnutls_kx_get_name, id_ptr);
-}
-
-/*
- * Given an array of MAC algorithm id's, convert to string for GNUTLS.
- */
-static char *StringOfMAC(int *id_ptr)
-{
-    IdsToString("", gnutls_mac_get_name, id_ptr);
-}
-
-/*
- * Given an array of protocol id's, convert to string for GNUTLS.
- */
-static char *StringOfVERS(int *vers_ptr)
-{
-    IdsToString("VERS-", gnutls_protocol_get_name, vers_ptr);
-}
-
-static void UpdatePriority(SSL * ssl)
-{
-    SSL_METHOD *method = ssl->ctx->method;
-    char *complete = 0;
-    char *pnames;
-    const char *err_pos = 0;
-    int code;
-
-    StrAllocCopy(complete, "NONE");
-    if ((pnames = StringOfVERS(method->priority.protocol)) != 0) {
-	StrAllocCat(complete, pnames);
-	free(pnames);
-    }
-    if ((pnames = StringOfCIPHER(method->priority.encrypts)) != 0) {
-	StrAllocCat(complete, pnames);
-	free(pnames);
-    }
-    if ((pnames = StringOfCOMP(method->priority.compress)) != 0) {
-	StrAllocCat(complete, pnames);
-	free(pnames);
-    }
-    if ((pnames = StringOfKX(method->priority.key_xchg)) != 0) {
-	StrAllocCat(complete, pnames);
-	free(pnames);
-    }
-    if ((pnames = StringOfMAC(method->priority.msg_code)) != 0) {
-	StrAllocCat(complete, pnames);
-	free(pnames);
-    }
-    CTRACE((tfp, "set priorities %s\n", complete));
-    code = gnutls_priority_set_direct(ssl->gnutls_state, complete, &err_pos);
-    CTRACE((tfp, "CHECK %d:%s\n", code, NonNull(err_pos)));
-    FREE(complete);
-}
-#endif /* USE_SET_DIRECT */
-
 static void RemoveProtocol(SSL * ssl, int protocol)
 {
     int j, k;
@@ -395,12 +279,7 @@ static void RemoveProtocol(SSL * ssl, int protocol)
     }
 
     if (changed) {
-#if USE_SET_DIRECT
-	CTRACE((tfp, "RemoveProtocol\n"));
-	UpdatePriority(ssl);
-#else
 	gnutls_protocol_set_priority(ssl->gnutls_state, protocols);
-#endif
     }
 }
 
@@ -542,21 +421,7 @@ SSL *SSL_new(SSL_CTX * ctx)
 	    ssl->ctx = ctx;
 
 	    gnutls_init(&ssl->gnutls_state, ctx->method->connend);
-
-#if USE_SET_DIRECT
-	    UpdatePriority(ssl);
-#else
-	    gnutls_protocol_set_priority(ssl->gnutls_state,
-					 ctx->method->priority.protocol);
-	    gnutls_cipher_set_priority(ssl->gnutls_state,
-				       ctx->method->priority.encrypts);
-	    gnutls_compression_set_priority(ssl->gnutls_state,
-					    ctx->method->priority.compress);
-	    gnutls_kx_set_priority(ssl->gnutls_state,
-				   ctx->method->priority.key_xchg);
-	    gnutls_mac_set_priority(ssl->gnutls_state,
-				    ctx->method->priority.msg_code);
-#endif
+	    gnutls_set_default_priority(ssl->gnutls_state);
 
 	    gnutls_credentials_set(ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
 				   ssl->gnutls_cred);
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2025-06-24 08:24:07 +0000