Fedora 33 disabled protocols below TLS 1.2 through crypto policy [1].
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Strong_crypto_s...
Signed-off-by: Paul Gofman pgofman@codeweavers.com
---
I suppose other distros are also likely to move this way. So we need to override that to keep earlier protocols working which still work on Windows. Gnutls finds and loads the system priority file during library initialization, so the override has effect only for the first dlopen( SONAME_LIBGNUTLS ) in the process and needs to be done in each place where Wine loads the gnutls library.
dlls/bcrypt/gnutls.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c index e85085499ca..976fa44214a 100644 --- a/dlls/bcrypt/gnutls.c +++ b/dlls/bcrypt/gnutls.c @@ -224,6 +224,7 @@ static BOOL gnutls_initialize(void) { int ret;
+ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0); if (!(libgnutls_handle = dlopen( SONAME_LIBGNUTLS, RTLD_NOW ))) { ERR_(winediag)( "failed to load libgnutls, no support for encryption\n" );
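Review bot: the setenv() line added ahead of dlopen( SONAME_LIBGNUTLS ) in gnutls_initialize() carries no comment, and in bcrypt it is not obvious why a gnutls priority-file override belongs there at all. The reason (gnutls reads the system priority file once, at library initialization, so whichever module does the first dlopen in the process decides) is only given in the notes after the "---", which do not end up in the commit. Suggest a short comment above the line and moving that explanation into the commit message proper.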
Signed-off-by: Paul Gofman pgofman@codeweavers.com --- dlls/crypt32/unixlib.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/dlls/crypt32/unixlib.c b/dlls/crypt32/unixlib.c index 47be5691005..48559fc21f7 100644 --- a/dlls/crypt32/unixlib.c +++ b/dlls/crypt32/unixlib.c @@ -88,6 +88,7 @@ BOOL gnutls_initialize(void) { int ret;
+ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0); if (!(libgnutls_handle = dlopen( SONAME_LIBGNUTLS, RTLD_NOW ))) { ERR_(winediag)( "failed to load libgnutls, no support for pfx import/export\n" );
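Review bot: the return value of the added setenv() call is ignored, so if it fails the system priority file stays in force and the older protocols keep failing with nothing in the log to say why. With the overwrite argument 0, a GNUTLS_SYSTEM_PRIORITY_FILE already present in the environment is also left alone, which is a sensible user opt-out but is not stated anywhere. Suggest checking the result and reporting it through the same ERR_(winediag) path used on the next lines, and mentioning the opt-out in the commit message.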
Hi,
While running your changed tests, I think I found new failures. Being a bot and all I'm not very good at pattern recognition, so I might be wrong, but could you please double-check?
Full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=81729
Your paranoid android.
=== debiant (32 bit WoW report) ===
bcrypt:
bcrypt.c:2638: Test failed: got 243
bcrypt.c:2648: Test failed: got c000a000
Signed-off-by: Paul Gofman pgofman@codeweavers.com --- dlls/secur32/schannel_gnutls.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/dlls/secur32/schannel_gnutls.c b/dlls/secur32/schannel_gnutls.c index c4a36a899a0..7d7e3dd9e96 100644 --- a/dlls/secur32/schannel_gnutls.c +++ b/dlls/secur32/schannel_gnutls.c @@ -979,6 +979,7 @@ BOOL schan_imp_init(void) { int ret;
+ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0); libgnutls_handle = dlopen(SONAME_LIBGNUTLS, RTLD_NOW); if (!libgnutls_handle) {
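Review bot: pointing GNUTLS_SYSTEM_PRIORITY_FILE at "/dev/null" in schan_imp_init() discards everything the system priority file configures, while the commit message only names the protocols below TLS 1.2. This is the module where that matters most, since it is the one negotiating TLS, and the change is applied silently. Suggest stating the full scope in the commit message and emitting a diagnostic when the override is applied, so a user can tell that the distro crypto policy is not in effect for the Wine process.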
On Wed, 2020-11-11 at 17:09 +0300, Paul Gofman wrote:
> Fedora 33 disabled protocols below TLS 1.2 through crypto policy [1].
> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Strong_crypto_s...
> Signed-off-by: Paul Gofman pgofman@codeweavers.com
> I suppose other distros are also likely to move this way. So we need to override that to keep earlier protocols working which still work on Windows.

Should we print a warning message?
On 11/11/20 18:12, Hans Leidekker wrote:
> On Wed, 2020-11-11 at 17:09 +0300, Paul Gofman wrote:
>> Fedora 33 disabled protocols below TLS 1.2 through crypto policy [1].
>> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Strong_crypto_s...
>> Signed-off-by: Paul Gofman pgofman@codeweavers.com
>> I suppose other distros are also likely to move this way. So we need to override that to keep earlier protocols working which still work on Windows.
> Should we print a warning message?

Do you mean print that each time we load gnutls, a WARN to winediag?
On Wed, 2020-11-11 at 18:14 +0300, Paul Gofman wrote:
> On 11/11/20 18:12, Hans Leidekker wrote:
>> On Wed, 2020-11-11 at 17:09 +0300, Paul Gofman wrote:
>>> Fedora 33 disabled protocols below TLS 1.2 through crypto policy [1].
>>> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Strong_crypto_s...
>>> Signed-off-by: Paul Gofman pgofman@codeweavers.com
>>> I suppose other distros are also likely to move this way. So we need to override that to keep earlier protocols working which still work on Windows.
>> Should we print a warning message?
> Do you mean print that each time we load gnutls, a WARN to winediag?

I think the default debug channel would be more appropriate.
On 11/11/20 18:28, Hans Leidekker wrote:
> On Wed, 2020-11-11 at 18:14 +0300, Paul Gofman wrote:
>> On 11/11/20 18:12, Hans Leidekker wrote:
>>> On Wed, 2020-11-11 at 17:09 +0300, Paul Gofman wrote:
>>>> Fedora 33 disabled protocols below TLS 1.2 through crypto policy [1].
>>>> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Strong_crypto_s...
>>>> Signed-off-by: Paul Gofman pgofman@codeweavers.com
>>>> I suppose other distros are also likely to move this way. So we need to override that to keep earlier protocols working which still work on Windows.
>>> Should we print a warning message?
>> Do you mean print that each time we load gnutls, a WARN to winediag?
> I think the default debug channel would be more appropriate.

Yeah, I will do that, will probably check if the env var is set already to make the message more informative.
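The check discussed at the end of this thread, sketched as an added example; it is not Wine code and not the author's follow-up patch. The function name, the enum and the message texts are assumptions, and the caller is expected to pass the message to its own debug channel.

```c
/* Added example, not Wine code: all names below are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PRIORITY_VAR "GNUTLS_SYSTEM_PRIORITY_FILE"

enum policy_override { OVERRIDE_APPLIED, OVERRIDE_KEPT_EXISTING, OVERRIDE_FAILED };

/* Call before the first dlopen() of libgnutls in the process, since gnutls
 * reads the priority file only during library initialization.
 * Writes a one-line diagnostic into msg for the caller to log. */
enum policy_override override_gnutls_policy(char *msg, size_t len)
{
    const char *cur = getenv(PRIORITY_VAR);

    if (cur)
    {
        /* Set by the user or by an earlier loader in this process: keep it. */
        snprintf(msg, len, PRIORITY_VAR " already set to \"%s\", not overriding", cur);
        return OVERRIDE_KEPT_EXISTING;
    }
    if (setenv(PRIORITY_VAR, "/dev/null", 0) != 0)
    {
        /* The system crypto policy stays in effect; say so instead of failing later. */
        snprintf(msg, len, "could not set " PRIORITY_VAR ", system crypto policy stays in effect");
        return OVERRIDE_FAILED;
    }
    snprintf(msg, len, "system crypto policy bypassed: " PRIORITY_VAR "=/dev/null");
    return OVERRIDE_APPLIED;
}

int main(void)
{
    char msg[256];

    override_gnutls_policy(msg, sizeof msg);
    fprintf(stderr, "%s\n", msg);
    return 0;
}
```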