[Bug 53344] HPLOCONS (legacy TLS applications): GnuTLS priority string overrides are ignored in schan_create_session() (patch included)

[WineHQ Bugzilla]

https://bugs.winehq.org/show_bug.cgi?id=53344

--- Comment #5 from iLOveBugs <cflwxa at knowledgemd.com> ---
The current behaviour is that the priority string is constructed in the
"priority" variable and then set in the session. My patch initializes the
priority string in the session object "s" with the system's default priority
string (which the user can override with GNUTLS_SYSTEM_PRIORITY_FILE), which
always starts with a keyword like NORMAL. Then instead of using "priority" to
set the session priority, "priority" is appended.

Before:
1. priority is initialized with "NORMAL:%LATEST_RECORD_VERSION"
2. ":-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0" is appended to priority
3. session priority is set to priority
4. Result:
"NORMAL:%LATEST_RECORD_VERSION:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0"

With patch:
1. priority is initialized with "%LATEST_RECORD_VERSION" (not a valid priority
string anymore, maybe name it priority_append instead?)
2. system default priority string is prepended to session priority (the default
is "NORMAL", set by "--with-default-priority-string" during compilation or
overridden by GNUTLS_SYSTEM_PRIORITY_FILE at runtime)
3. ":-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0" is appended to priority
4. priority is appended to session priority (gnutls_set_default_priority_append
adds leading ":")
5. Result: "<system default priority
string>:%LATEST_RECORD_VERSION:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0"

The reason I do it like this is that there is no getter function
gnutls_get_default_priority and I tried to interact with GnuTLS in a stable
way.

I have attached a new patch made with "diff -up".

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.