From: Jan Grulich <jgrulich@redhat.com>
Date: Thu, 15 Jul 2021 18:42:16 +0000 (+0200)
Subject: Fix priority string when using newer GnuTLS
X-Git-Tag: v1.11.90~26
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7f1e1e370e5fab9657edec1f1e74c49014769d15;p=tigervnc.git

Fix priority string when using newer GnuTLS

The call of gnutls_set_default_priority_append() expects a normal priority
string, which means it must not start with ':'.
---

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 0354191a..df4b37b5 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -238,7 +238,9 @@ void CSecurityTLS::setParam()
     const char *err;
 
 #if GNUTLS_VERSION_NUMBER >= 0x030603
-    ret = gnutls_set_default_priority_append(session, kx_anon_priority, &err, 0);
+    // gnutls_set_default_priority_appends() expects a normal priority string that
+    // doesn't start with ":".
+    ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
     if (ret != GNUTLS_E_SUCCESS) {
       if (ret == GNUTLS_E_INVALID_REQUEST)
         vlog.error("GnuTLS priority syntax error at: %s", err);
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index 6216ffd9..f3d58ae0 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -229,7 +229,9 @@ void SSecurityTLS::setParams(gnutls_session_t session)
     const char *err;
 
 #if GNUTLS_VERSION_NUMBER >= 0x030603
-    ret = gnutls_set_default_priority_append(session, kx_anon_priority, &err, 0);
+    // gnutls_set_default_priority_appends() expects a normal priority string that
+    // doesn't start with ":".
+    ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
     if (ret != GNUTLS_E_SUCCESS) {
       if (ret == GNUTLS_E_INVALID_REQUEST)
         vlog.error("GnuTLS priority syntax error at: %s", err);