Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope

peter green plugwash at p10link.net
Tue Feb 2 05:59:37 UTC 2016


On 01/02/16 07:45, Carsten Schoenert wrote:
> Can you give us a suggestion how to handle these issues? I've seen a
> similar solution like mine on the samba package upstream [5]. The zarafa
> suite isn't using these parts of the libvmime package as they connect
> locally to localhost. But then we have to provide a secure libvmime
> package.
>
I'm not one of the gnutls maintainers but IMO you should only override 
the defaults set by your tls library if you have good reason AND you are 
prepared to maintain your modifications over the long term to take 
account of changing best practice.

The non-default settings in this package were clearly not being 
maintained. If we look at protocol versions for example.

SSLv3 is sufficiently broken that there is an RFC saying it MUST NOT be used.
TLSv1 is better but only borderline acceptable nowadays (current tls 
version is 1.2).

The ciphersuite settings are no better.
RC4 is sufficiently broken that there is an RFC saying it MUST NOT be used.
3DES is not quite as bad and is possibly the least bad option for 
interacting with certain legacy systems but it's slower than other 
ciphers with comparable security and the CBC modes suffer from 
weaknesses in certain scenarios.

And much the same story applies to the rest of the settings.
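
An illustration of the point above, added here and not part of the original message or of libvmime's code: a small C++ check that flags GnuTLS priority-string tokens which explicitly enable the protocol versions and ciphers named in the message. It assumes the TLS settings are expressed as a GnuTLS priority string (the page itself only shows the removed `gnutls_certificate_type_set_priority` call); `auditPriority` and the sample string are hypothetical.

```cpp
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// MustNot: an RFC forbids use (SSLv3, RC4). Legacy: borderline (TLS 1.0, 3DES-CBC).
enum class Level { MustNot, Legacy };
struct Finding { std::string token; Level level; };

// Scan a colon-separated GnuTLS priority string and report every "+NAME"
// token that explicitly adds an item from the list below. Removals
// ("-NAME", "!NAME") and keywords such as NORMAL are not reported.
// Limitation: wildcard additions like +VERS-ALL are not expanded.
std::vector<Finding> auditPriority(const std::string& prio) {
    static const struct { const char* name; Level level; } rules[] = {
        {"VERS-SSL3.0", Level::MustNot},
        {"ARCFOUR-128", Level::MustNot},
        {"ARCFOUR-40",  Level::MustNot},
        {"VERS-TLS1.0", Level::Legacy},
        {"3DES-CBC",    Level::Legacy},
    };
    std::vector<Finding> out;
    std::istringstream in(prio);
    std::string tok;
    while (std::getline(in, tok, ':')) {
        // Normalise case so "+3des-cbc" is matched as well.
        for (char& c : tok) c = (char)std::toupper((unsigned char)c);
        if (tok.size() < 2 || tok[0] != '+') continue;
        for (const auto& r : rules)
            if (tok.compare(1, std::string::npos, r.name) == 0)
                out.push_back({tok, r.level});
    }
    return out;
}

int main() {
    // Constructed sample of a hard-coded override that was never revisited.
    const std::string sample = "NORMAL:+VERS-SSL3.0:+ARCFOUR-128:+3des-cbc:-VERS-TLS1.0";
    for (const auto& f : auditPriority(sample))
        std::cout << (f.level == Level::MustNot ? "MUST NOT use: " : "legacy only: ")
                  << f.token << "\n";
    return 0;
}
```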



More information about the Pkg-gnutls-maint mailing list