From 7f1e1e370e5fab9657edec1f1e74c49014769d15 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Thu, 15 Jul 2021 20:42:16 +0200
Subject: [PATCH] Fix priority string when using newer GnuTLS

The call of gnutls_set_default_priority_append() expects a normal priority
string, which means it must not start with ':'.
---
 common/rfb/CSecurityTLS.cxx | 4 +++-
 common/rfb/SSecurityTLS.cxx | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 0354191a..df4b37b5 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -238,7 +238,9 @@ void CSecurityTLS::setParam()
     const char *err;
 
 #if GNUTLS_VERSION_NUMBER >= 0x030603
-    ret = gnutls_set_default_priority_append(session, kx_anon_priority, &err, 0);
+    // gnutls_set_default_priority_appends() expects a normal priority string that
+    // doesn't start with ":".
+    ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
     if (ret != GNUTLS_E_SUCCESS) {
       if (ret == GNUTLS_E_INVALID_REQUEST)
         vlog.error("GnuTLS priority syntax error at: %s", err);
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index 6216ffd9..f3d58ae0 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -229,7 +229,9 @@ void SSecurityTLS::setParams(gnutls_session_t session)
     const char *err;
 
 #if GNUTLS_VERSION_NUMBER >= 0x030603
-    ret = gnutls_set_default_priority_append(session, kx_anon_priority, &err, 0);
+    // gnutls_set_default_priority_appends() expects a normal priority string that
+    // doesn't start with ":".
+    ret = gnutls_set_default_priority_append(session, kx_anon_priority + 1, &err, 0);
     if (ret != GNUTLS_E_SUCCESS) {
       if (ret == GNUTLS_E_INVALID_REQUEST)
         vlog.error("GnuTLS priority syntax error at: %s", err);
-- 
2.39.5