Bug 8780 - Uses deprecated _set_priority GnuTLS functions
Summary: Uses deprecated _set_priority GnuTLS functions
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Build (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: 4.1
Assignee: Karolin Seeger
QA Contact: samba4-qa@samba.org
Depends on:
Reported: 2012-02-26 20:53 UTC by Jelmer Vernooij
Modified: 2015-06-06 20:02 UTC (History)
4 users (show)

See Also:

[PATCH] s4:lib/tls: use gnutls_priority_set_direct() (2.58 KB, patch)
2015-04-13 19:22 UTC, Evangelos Foutras
no flags Details
[PATCH v2] s4:lib/tls: use gnutls_priority_set_direct() (2.25 KB, patch)
2015-04-13 20:31 UTC, Evangelos Foutras
no flags Details
0001-s4-lib-tls-fix-build-with-gnutls-3.4.patch (2.70 KB, patch)
2015-05-05 12:04 UTC, Björn Jacke
jelmer: review+
bjacke: review+
cherry-pick patch for 4.2 (2.70 KB, patch)
2015-05-28 11:16 UTC, Björn Jacke
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jelmer Vernooij 2012-02-26 20:53:02 UTC
Forwarded from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624075:

This package is using some functions which are marked deprecated in
newer versions of GnuTLS (>=2.12.x). (They are not yet removed, though.)
These functions will be removed in future releases. GnuTLS 2.12.x is
already available in experimental.

Excerpt from buildlog:
../lib/tls/tls.c:569:2: warning: 'gnutls_certificate_type_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:347)
../lib/tls/tls_tstream.c:921:2: warning: 'gnutls_certificate_type_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:347)

The gnutls_*_set_priority family of functions has been marked deprecated
in 2.12.x. These functions have been superceded by 
gnutls_priority_set_direct(). The replacement function was added in gnutls
stable release 2.2.0 (released 2007-12-14).
Comment 1 Evangelos Foutras 2015-04-13 19:22:45 UTC
Created attachment 10947 [details]
[PATCH] s4:lib/tls: use gnutls_priority_set_direct()

gnutls_certificate_type_set_priority() has been removed in GnuTLS 3.4.0.

The attached patch replaces the calls to gnutls_set_default_priority() and gnutls_certificate_type_set_priority() with a single call to gnutls_priority_set_direct(), passing "NORMAL:+CTYPE-OPENPGP" as the priorities string.

Note: I haven't tested the patch; I have only confirmed that Samba 4.2.0 builds against GnuTLS 3.4.0 after applying it. The transition to gnutls_priority_set_direct() seems pretty straightforward, but I might have missed something.
Comment 2 Evangelos Foutras 2015-04-13 20:31:52 UTC
Created attachment 10948 [details]
[PATCH v2] s4:lib/tls: use gnutls_priority_set_direct()

I realized that my previous patch might have changed the code logic in a way that required GnuTLS to be built with OpenPGP support.

This new patch only replaces the gnutls_certificate_type_set_priority() calls and leaves the gnutls_set_default_priority() ones alone.
Comment 3 Björn Jacke 2015-05-05 12:04:21 UTC
Created attachment 11020 [details]

cherry pick patch that should go to 4.1 and 4.2
Comment 4 Karolin Seeger 2015-05-21 07:51:31 UTC
Pushed to autobuild-v4-1-test.
Patch does not apply on current v4-2-test.
Re-assigning to Björn.
Comment 5 Björn Jacke 2015-05-28 11:16:54 UTC
Created attachment 11100 [details]
cherry-pick patch for 4.2

# git cherry-pick -x c6ad8a10c12c8a79dc83cab1591e5279edd62bd6
applied cleanly for 4-2-test. For reference here it is attached.
Comment 6 Karolin Seeger 2015-06-01 19:24:28 UTC
(In reply to Björn Jacke from comment #5)
Strange, it failed again.
I cherry-picked it. Pushed to autobuild-v4-2-test.
Comment 7 Karolin Seeger 2015-06-06 20:02:19 UTC
(In reply to Karolin Seeger from comment #6)
Pushed to v4-2-test.
Closing out bug report.