Bug#359054: Bug#357624: [Pkg-gnutls-maint] Bug#357624: bug is in libetpan

[Ricardo Mones]

On Mon, 25 Sep 2006 16:06:17 +0400
"Nikita V. Youshchenko" <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> > > > I've prepared a new version of libetpan package, that has this patch
> > > > applied...
> > >
> > > The segfault still happens ...
> >
> > Could you compile with debugging symbols and show the stack trace of
> > the crash ?
> 
> Dinh, could it happen that applying only the mentioned patch (without all 
> the rest that was committed to CVS since 0.46 release) results in broken 
> code?

  Finally Colin got a patch which at least works for me and the IMAP
server which I use (btw, it's a (Cyrus v2.2.3) with LMTP; on OpenBSD 3.4
(GENERIC)).

  Thanks Colin! ;)

  It's against 0.46, so it replaces the current patch in patches/.
  
  regards,
-- 
 Ricardo Mones
 http://people.debian.org/~mones
 «All the troubles you have will pass away very quickly.»

--- libetpan-0.46/src/data-types/mailstream_ssl.c	2006-06-26 13:50:26.000000000 +0200
+++ mailstream_ssl.c	2006-09-25 19:05:18.000000000 +0200
@@ -30,7 +30,7 @@
  */
 
 /*
- * $Id: mailstream_ssl.c,v 1.38 2006/06/26 11:50:26 hoa Exp $
+ * $Id: mailstream_ssl.c,v 1.40 2006/09/24 08:42:37 colinleroy Exp $
  */
 
 /*
@@ -162,6 +162,7 @@
 #ifdef USE_SSL
 static inline int mailstream_prepare_fd(int fd)
 {
+#ifndef WIN32
   int fd_flags;
   int r;
   
@@ -170,6 +171,7 @@
   r = fcntl(fd, F_SETFL, fd_flags);
   if (r < 0)
     return -1;
+#endif
   
   return 0;
 }
@@ -269,19 +271,37 @@
 {
   struct mailstream_ssl_data * ssl_data;
   gnutls_session session;
-  gnutls_anon_client_credentials anoncred;
+  
+  const int cipher_prio[] = { GNUTLS_CIPHER_AES_128_CBC,
+		  		GNUTLS_CIPHER_3DES_CBC,
+		  		GNUTLS_CIPHER_AES_256_CBC,
+		  		GNUTLS_CIPHER_ARCFOUR_128, 0 };
+  const int kx_prio[] = { GNUTLS_KX_DHE_RSA,
+		  	   GNUTLS_KX_RSA, 
+		  	   GNUTLS_KX_DHE_DSS, 0 };
+  const int mac_prio[] = { GNUTLS_MAC_SHA1,
+		  		GNUTLS_MAC_MD5, 0 };
+  const int proto_prio[] = { GNUTLS_TLS1,
+		  		  GNUTLS_SSL3, 0 };
+
+  gnutls_certificate_credentials_t xcred;
   int r;
   
   mailstream_ssl_init();
   
-  gnutls_anon_allocate_client_credentials (&anoncred);
-
+  gnutls_certificate_allocate_credentials (&xcred);
   r = gnutls_init(&session, GNUTLS_CLIENT);
   if (session == NULL)
     return NULL;
   
-  r = gnutls_set_default_priority(session);
-  r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, anoncred);
+  gnutls_set_default_priority(session);
+  gnutls_protocol_set_priority (session, proto_prio);
+  gnutls_cipher_set_priority (session, cipher_prio);
+  gnutls_kx_set_priority (session, kx_prio);
+  gnutls_mac_set_priority (session, mac_prio);
+
+  r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
   gnutls_transport_set_ptr(session, (gnutls_transport_ptr) fd);
 
   do {