From: mcgrof@do-not-panic.com (Luis R. Rodriguez)
To: cocci@systeme.lip6.fr
Subject: [Cocci] [PATCH 2/9] Use gnutls_priority_set_direct() to deprecate gnutls_*_set()
Date: Fri, 20 Nov 2015 09:47:45 -0800
Message-ID: <1448041672-3986-3-git-send-email-mcgrof@do-not-panic.com>
In-Reply-To: <1448041672-3986-1-git-send-email-mcgrof@do-not-panic.com>

From: "Luis R. Rodriguez" <mcgrof@suse.com>

Using the deprecated gnutls_*_set() calls triggers a failure to compile
with gnutls30-3.4.4, used on OpenSUSE factory:

../libqemu_common.a(vnc.o): In function `vnc_start_tls':
~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2164: undefined reference to `gnutls_kx_set_priority'
~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2171: undefined reference to `gnutls_certificate_type_set_priority'
~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2178: undefined reference to `gnutls_protocol_set_priority'

This compilation issue can be fixed by using the new routine
gnutls_priority_set_direct(), which replaces the deprecated calls
and also simplifies the code considerably.

The following Coccinelle rule expresses the change in a general
grammar form; this could be used should the code be rebased, or
to do the transformation in other projects using the same gnutls
library.

@ vars @
identifier kx_x509, kx_anon, cert_type_priority, protocol_priority;
declarer name NEED_X509_AUTH;
@@

-int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
-int kx_anon[] = { GNUTLS_KX_ANON_DH, 0};
-int kx_x509[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};

@ calls_kx_set_priority @
identifier vars.kx_x509, vars.kx_anon;
expression need_x509;
struct VncState *vs;
@@

-if (gnutls_kx_set_priority(vs->tls_session, need_x509 ? kx_x509 : kx_anon) < 0) {
-	gnutls_deinit(vs->tls_session);
-	vs->tls_session = NULL;
-	vnc_client_error(vs);
-	return -1;
-}

@ calls_certificate_type_set_priority depends on calls_kx_set_priority @
identifier vars.cert_type_priority;
struct VncState *calls_kx_set_priority.vs;
@@
-if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
-	gnutls_deinit(vs->tls_session);
-	vs->tls_session = NULL;
-	vnc_client_error(vs);
-	return -1;
-}

@ calls_protocol_set_priority depends on calls_certificate_type_set_priority @
identifier vars.protocol_priority;
struct VncState *calls_kx_set_priority.vs;
expression calls_kx_set_priority.need_x509;
@@

-if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
-	gnutls_deinit(vs->tls_session);
-	vs->tls_session = NULL;
-	vnc_client_error(vs);
-	return -1;
-}
+if (gnutls_priority_set_direct(vs->tls_session, need_x509 ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) {
+	gnutls_deinit(vs->tls_session);
+	vs->tls_session = NULL;
+	vnc_client_error(vs);
+	return -1;
+}
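
Review bot: The `vars` rule deletes the four priority arrays on its own, with no dependency on the call rules that follow, so in a tree where the declarations match but one of the gnutls_*_set_priority() calls is shaped differently the arrays are removed while a call still references them. Since the message offers this rule for other projects, consider splitting it into a match-only rule that binds the identifiers and a final rule that removes the declarations and depends on calls_protocol_set_priority. `declarer name NEED_X509_AUTH;` is also declared in `vars` but not used in any rule body; the call site is already covered by `expression need_x509`, so the declaration can be dropped.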

Generated-by: Coccinelle SmPL
Cc: cocci at systeme.lip6.fr
Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com>
---
 vnc.c | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)

diff --git a/vnc.c b/vnc.c
index 7629dfa18645..32c604084a5b 100644
--- a/vnc.c
+++ b/vnc.c
@@ -2137,11 +2137,6 @@ static void vnc_handshake_io(void *opaque) {
 
 
 static int vnc_start_tls(struct VncState *vs) {
-    static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-    static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
-    static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
-    static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
-
     VNC_DEBUG("Do TLS setup\n");
     if (vnc_tls_initialize() < 0) {
 	VNC_DEBUG("Failed to init TLS\n");
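
Review bot: The arrays removed at the top of vnc_start_tls() pinned an explicit policy (GNUTLS_CRT_X509 only; GNUTLS_TLS1_1, GNUTLS_TLS1_0 and GNUTLS_SSL3; four named key exchanges for the X509 case), yet the commit message presents the change purely as a build fix. Please say in the log that protocol, certificate-type and key-exchange selection now follow the library's NORMAL keyword, so the negotiated set is no longer the one listed here and will depend on the installed GnuTLS version.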
@@ -2161,21 +2156,7 @@ static int vnc_start_tls(struct VncState *vs) {
 	    return -1;
 	}
 
-	if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
-	    gnutls_deinit(vs->tls_session);
-	    vs->tls_session = NULL;
-	    vnc_client_error(vs);
-	    return -1;
-	}
-
-	if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
-	    gnutls_deinit(vs->tls_session);
-	    vs->tls_session = NULL;
-	    vnc_client_error(vs);
-	    return -1;
-	}
-
-	if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
+	if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) {
 	    gnutls_deinit(vs->tls_session);
 	    vs->tls_session = NULL;
 	    vnc_client_error(vs);
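
Review bot: In the replacement call, the non-X509 branch passes "NORMAL:+ANON-DH", which adds anonymous DH to everything NORMAL enables, while the removed kx_anon list permitted GNUTLS_KX_ANON_DH alone; if the anonymous mode is meant to stay anonymous-only, build the string so that ANON-DH is the only key exchange enabled, or state in the log that the wider set is intended. The third argument is NULL, so when the library rejects a priority string nothing identifies the offending part; passing a const char * for the error position and printing it through VNC_DEBUG before the gnutls_deinit() path would make a bad string diagnosable. The new line is also well over 80 columns and could be wrapped after the session argument.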
-- 
2.6.2

WARNING: multiple messages have this Message-ID
From: "Luis R. Rodriguez" <mcgrof@do-not-panic.com>
To: xen-devel@lists.xensource.com, ian.campbell@citrix.com,
	JBeulich@suse.com
Cc: samuel.thibault@ens-lyon.org, pryorm09@gmail.com,
	cfergeau@redhat.com, cocci@systeme.lip6.fr
Subject: [PATCH 2/9] Use gnutls_priority_set_direct() to deprecate gnutls_*_set()
Date: Fri, 20 Nov 2015 09:47:45 -0800
Message-ID: <1448041672-3986-3-git-send-email-mcgrof@do-not-panic.com>
In-Reply-To: <1448041672-3986-1-git-send-email-mcgrof@do-not-panic.com>

