search

meduketto / iksemel

Automatically exported from code.google.com/p/iksemel
GNU Lesser General Public License v2.1
31 stars 24 forks source link

FTBFS against gnutls 3.4.0 #45

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
As reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782820
iksemel FTBFS against the recently released GnuTLS 3.4.0:
--------------------------
/bin/bash ../libtool  --tag=CC   --mode=link gcc  -g -O2 -fPIE 
-fstack-protector-strong -Wformat -Werror=format-security -Wall  -fPIE -pie 
-Wl,-z,relro -Wl,-z,now -o ikslint ikslint.o hash.o ../src/libiksemel.la
libtool: link: gcc -g -O2 -fPIE -fstack-protector-strong -Wformat 
-Werror=format-security -Wall -fPIE -pie -Wl,-z -Wl,relro -Wl,-z -Wl,now -o 
.libs/ikslint ikslint.o hash.o  ../src/.libs/libiksemel.so
../src/.libs/libiksemel.so: undefined reference to `gnutls_mac_set_priority'
../src/.libs/libiksemel.so: undefined reference to 
`gnutls_protocol_set_priority'
../src/.libs/libiksemel.so: undefined reference to `gnutls_kx_set_priority'
../src/.libs/libiksemel.so: undefined reference to `gnutls_cipher_set_priority'
../src/.libs/libiksemel.so: undefined reference to 
`gnutls_compression_set_priority'
collect2: error: ld returned 1 exit status
Makefile:386: recipe for target 'ikslint' failed
make[2]: *** [ikslint] Error 1
make[2]: Leaving directory '/tmp/buildd/libiksemel-1.4/tools'
--------------------------
These functions were dropped in 3.4.0, see
http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html#Upg
rading-from-previous-versions
for information on upgrading.

Original issue reported on code.google.com by only...@gmail.com on 19 Apr 2015 at 1:39

ametzler commented 8 years ago

Hello,

I have posted further info in the Debian bug report https://bugs.debian.org/782820 and am copying it below.

The respective code seems to be this one: src/tls-gnutls.c const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; const int kx_priority[] = { GNUTLS_KX_RSA, 0 }; const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; [...] gnutls_protocol_set_priority (data->sess, protocol_priority); gnutls_cipher_set_priority(data->sess, cipher_priority); gnutls_compression_set_priority(data->sess, comp_priority); gnutls_kx_set_priority(data->sess, kx_priority); gnutls_mac_set_priority(data->sess, mac_priority);

Is there a good reason for this selection? Enabling SSL3.0 and disabling TLS1.1 and TLS1.2, allowing MD5 as MAC but not SHA256. etc.

If there is not a very good reason for just move to gnutls_set_default_priority().