s4:lib/tls: fix build with gnutls 3.4

gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0. Use
gnutls_priority_set_direct instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8780

Signed-off-by: Björn Jacke <bj@sernet.de>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Apr 29 22:29:02 CEST 2015 on sn-devel-104

(cherry picked from commit c6ad8a10c12c8a79dc83cab1591e5279edd62bd6)

Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Thu May 21 12:00:39 CEST 2015 on sn-devel-104

diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 9a3e6106ba021ac03cd45d8b9af7812e3bfcc6e1..7a7a7cd84e1a7465212ecb82901ea1a92b20016f 100644 (file)
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -572,7 +572,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
 {
        struct tls_context *tls;
        int ret = 0;
-       const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
        struct socket_context *new_sock;
        NTSTATUS nt_status;
        
@@ -598,7 +597,7 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
        gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
        TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
        TLSCHECK(gnutls_set_default_priority(tls->session));
-       gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
+       gnutls_priority_set_direct(tls->session, "NORMAL:+CTYPE-OPENPGP", NULL);
        TLSCHECK(gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->xcred));
 
        talloc_set_destructor(tls, tls_destructor);

diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 2cb75edba489a5843078ec742398a527d689b707..b907d0a4d30bb96f0f52e06491661dd6c6f65cf2 100644 (file)
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -967,11 +967,6 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
 #if ENABLE_GNUTLS
        struct tstream_tls *tlss;
        int ret;
-       static const int cert_type_priority[] = {
-               GNUTLS_CRT_X509,
-               GNUTLS_CRT_OPENPGP,
-               0
-       };
 #endif /* ENABLE_GNUTLS */
 
        req = tevent_req_create(mem_ctx, &state,
@@ -1014,7 +1009,7 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       gnutls_certificate_type_set_priority(tlss->tls_session, cert_type_priority);
+       gnutls_priority_set_direct(tlss->tls_session, "NORMAL:+CTYPE-OPENPGP", NULL);
 
        ret = gnutls_credentials_set(tlss->tls_session,
                                     GNUTLS_CRD_CERTIFICATE,