gnutls: don't use gnutls_certificate_type_set_priority.

[wget] / src / gnutls.c

diff --git a/src/gnutls.c b/src/gnutls.c
index a1054a4d89c9804dd3f31b794e22924c2b7a022b..82abcee072037753dd869aa03628cd9256d57f2c 100644 (file)
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -40,7 +40,6 @@ as that of the covered work.  */
 
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
-#include <fcntl.h>
 #include <sys/ioctl.h>
 
 #include "utils.h"
@@ -175,7 +174,7 @@ wgnutls_poll (int fd, double timeout, int wait_for, void *arg)
 static int
 wgnutls_peek (int fd, char *buf, int bufsize, void *arg)
 {
-  int ret = 0, read = 0;
+  int read = 0;
   struct wgnutls_transport_context *ctx = arg;
   int offset = MIN (bufsize, ctx->peeklen);
   if (bufsize > sizeof ctx->peekbuf)
@@ -186,24 +185,13 @@ wgnutls_peek (int fd, char *buf, int bufsize, void *arg)
 
   if (bufsize > offset)
     {
-#ifdef F_GETFL
-      int flags;
-      flags = fcntl (fd, F_GETFL, 0);
-      if (flags < 0)
-        return ret;
-
-      ret = fcntl (fd, F_SETFL, flags | O_NONBLOCK);
-      if (ret < 0)
-        return ret;
-#else
-      /* XXX: Assume it was blocking before.  */
-      const int one = 1;
-      ret = ioctl (fd, FIONBIO, &one);
-      if (ret < 0)
-        return ret;
-#endif
-      read = gnutls_record_recv (ctx->session, buf + offset,
-                                 bufsize - offset);
+      if (gnutls_record_check_pending (ctx->session) <= 0
+          && select_fd (fd, 0.0, WAIT_FOR_READ) <= 0)
+        read = 0;
+      else
+        read = gnutls_record_recv (ctx->session, buf + offset,
+                                   bufsize - offset);
+
       if (read < 0)
         {
           if (offset)
@@ -218,17 +206,6 @@ wgnutls_peek (int fd, char *buf, int bufsize, void *arg)
                   read);
           ctx->peeklen += read;
         }
-
-#ifdef F_GETFL
-      ret = fcntl (fd, F_SETFL, flags);
-      if (ret < 0)
-        return ret;
-#else
-      const int zero = 0;
-      ret = ioctl (fd, FIONBIO, &zero);
-      if (ret < 0)
-        return ret;
-#endif
     }
 
   return offset + read;
@@ -263,16 +240,11 @@ static struct transport_implementation wgnutls_transport =
 bool
 ssl_connect_wget (int fd)
 {
-  static const int cert_type_priority[] = {
-    GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0
-  };
   struct wgnutls_transport_context *ctx;
   gnutls_session session;
   int err;
-  int allowed_protocols[4] = {0, 0, 0, 0};
   gnutls_init (&session, GNUTLS_CLIENT);
   gnutls_set_default_priority (session);
-  gnutls_certificate_type_set_priority (session, cert_type_priority);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
 #ifndef FD_TO_SOCKET
 # define FD_TO_SOCKET(X) (X)
@@ -280,6 +252,23 @@ ssl_connect_wget (int fd)
   gnutls_transport_set_ptr (session, (gnutls_transport_ptr) FD_TO_SOCKET (fd));
 
   err = 0;
+#if HAVE_GNUTLS_PRIORITY_SET_DIRECT
+  switch (opt.secure_protocol)
+    {
+    case secure_protocol_auto:
+      break;
+    case secure_protocol_sslv2:
+    case secure_protocol_sslv3:
+      err = gnutls_priority_set_direct (session, "NORMAL:-VERS-TLS-ALL", NULL);
+      break;
+    case secure_protocol_tlsv1:
+      err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL);
+      break;
+    default:
+      abort ();
+    }
+#else
+  int allowed_protocols[4] = {0, 0, 0, 0};
   switch (opt.secure_protocol)
     {
     case secure_protocol_auto:
@@ -289,15 +278,19 @@ ssl_connect_wget (int fd)
       allowed_protocols[0] = GNUTLS_SSL3;
       err = gnutls_protocol_set_priority (session, allowed_protocols);
       break;
+
     case secure_protocol_tlsv1:
       allowed_protocols[0] = GNUTLS_TLS1_0;
       allowed_protocols[1] = GNUTLS_TLS1_1;
       allowed_protocols[2] = GNUTLS_TLS1_2;
       err = gnutls_protocol_set_priority (session, allowed_protocols);
       break;
+
     default:
       abort ();
     }
+#endif
+
   if (err < 0)
     {
       logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));