[Pkg-giraffe-maintainers] Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope
Andreas Metzler
ametzler at bebt.de
Mon Feb 1 19:14:08 UTC 2016
On 2016-02-01 Carsten Schoenert <c.schoenert at t-online.de> wrote:
[...]
> Peter Green has submitted a debdiff with a possible solution that's seen
> below. I'm not a security expert on those used functions inside libvmime
> and found another solution based on suggestions for upgrading to 3.4
> [1] and created a patch that's appended.
[...]
Hello,
I am not able to do a code review but:
const char certTypePriority[] = { GNUTLS_CRT_X509, 0 };
const char protoPriority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
const char cipherPriority[] = [list of ciphers]
const char macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
Neither of these look very sane or useful to me. The certtype priority
setting matches the GnuTLS default and the other ones explicitly choose
algorithms that do not look like an improvement. (SSLv3, seriously?)
I think dropping these settings and using
gnutls_set_default_priority() would be a much better notion. This way
you would simply rely on the "sane and safe choice" from GnuTLS
instead of trying to reinvent the wheel.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
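
Added example, not part of the original mail or of libvmime: a small Python audit that flags, in C/C++ source, calls to the per-category priority setters (such as the one in the build error) and the SSLv3/MD5 constants from the quoted arrays, so they can be replaced by gnutls_set_default_priority(). The sibling setter names beyond gnutls_certificate_type_set_priority and the sample source are assumptions constructed for illustration.

```python
import re

# Per-category priority setters of the older GnuTLS API. The first is the call
# named in the build error; the siblings are assumed, they are not on the page.
REMOVED_SETTERS = (
    "gnutls_certificate_type_set_priority",
    "gnutls_protocol_set_priority",
    "gnutls_cipher_set_priority",
    "gnutls_mac_set_priority",
    "gnutls_kx_set_priority",
    "gnutls_compression_set_priority",
)
# Constants from the quoted arrays that select SSLv3 or MD5.
WEAK_CONSTANTS = ("GNUTLS_SSL3", "GNUTLS_MAC_MD5")

# Naive comment matcher: does not special-case "//" inside string literals.
_COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
_SETTER = re.compile(r"\b(%s)\s*\(" % "|".join(REMOVED_SETTERS))
_WEAK = re.compile(r"\b(%s)\b" % "|".join(WEAK_CONSTANTS))

def _blank_comments(src):
    # Replace comment text with spaces, keeping newlines so line numbers hold.
    return _COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def audit(src):
    """Return sorted (line, kind, name) findings for C/C++ source text."""
    code = _blank_comments(src)
    findings = []
    for kind, rx in (("removed-setter", _SETTER), ("weak-constant", _WEAK)):
        for m in rx.finditer(code):
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, kind, m.group(1)))
    return sorted(findings)

# Constructed sample in the style of the arrays quoted in the mail.
SAMPLE = """\
const char protoPriority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
const char macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
/* old: gnutls_kx_set_priority(session, kxPriority); */
gnutls_certificate_type_set_priority(session, certTypePriority);
gnutls_protocol_set_priority (session, protoPriority);
// fix: gnutls_set_default_priority(session);
"""

if __name__ == "__main__":
    for line, kind, name in audit(SAMPLE):
        print(f"line {line}: {kind}: {name}")
```

Calls that appear only inside comments are ignored, so a commented-out setter or a note mentioning gnutls_set_default_priority() produces no finding.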