[PATCH 1/3] bcrypt: Prevent gnutls from using system priority file.
Paul Gofman
pgofman at codeweavers.com
Wed Nov 11 08:09:29 CST 2020
Fedora 33 disabled protocols below TLS 1.2 through crypto policy [1].
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Strong_crypto_settings:_phase_2
Signed-off-by: Paul Gofman <pgofman at codeweavers.com>
---
I suppose other distros are also likely to move this way. So we need to overrides that to
keep earlier protocols working which still work on Windows.
Gnutls finds and loads the system priority file during library initialization, so the override
has effect only for the first dlopen( SONAME_LIBGNUTLS ) in the process and needs to be done
in each place where Wine loads gnutls library.
dlls/bcrypt/gnutls.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c
index e85085499ca..976fa44214a 100644
--- a/dlls/bcrypt/gnutls.c
+++ b/dlls/bcrypt/gnutls.c
@@ -224,6 +224,7 @@ static BOOL gnutls_initialize(void)
{
int ret;
+ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0);
if (!(libgnutls_handle = dlopen( SONAME_LIBGNUTLS, RTLD_NOW )))
{
ERR_(winediag)( "failed to load libgnutls, no support for encryption\n" );
--
2.28.0
More information about the wine-devel
mailing list