Fedora 33 disabled protocols below TLS 1.2 through crypto policy [1].
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Strong_crypto_s...

Signed-off-by: Paul Gofman pgofman@codeweavers.com
---
I suppose other distros are also likely to move this way. So we need to override that to keep earlier protocols working which still work on Windows. Gnutls finds and loads the system priority file during library initialization, so the override has effect only for the first dlopen( SONAME_LIBGNUTLS ) in the process and needs to be done in each place where Wine loads the gnutls library.
dlls/bcrypt/gnutls.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c index e85085499ca..976fa44214a 100644 --- a/dlls/bcrypt/gnutls.c +++ b/dlls/bcrypt/gnutls.c @@ -224,6 +224,7 @@ static BOOL gnutls_initialize(void) { int ret;
+ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0); if (!(libgnutls_handle = dlopen( SONAME_LIBGNUTLS, RTLD_NOW ))) { ERR_(winediag)( "failed to load libgnutls, no support for encryption\n" );
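Review bot: The added setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0) in gnutls_initialize() has no comment and changes the process-wide environment, so it also applies to any other gnutls user in this process and is inherited by child processes started afterwards. Please add a comment saying that this bypasses the system crypto policy to keep protocols below TLS 1.2 working, and consider logging when the override is applied so the weakened policy is visible in the output. The return value of setenv() is also ignored; a failure would leave the system policy active with no indication.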
Signed-off-by: Paul Gofman pgofman@codeweavers.com --- dlls/crypt32/unixlib.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/dlls/crypt32/unixlib.c b/dlls/crypt32/unixlib.c index 47be5691005..48559fc21f7 100644 --- a/dlls/crypt32/unixlib.c +++ b/dlls/crypt32/unixlib.c @@ -88,6 +88,7 @@ BOOL gnutls_initialize(void) { int ret;
+ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0); if (!(libgnutls_handle = dlopen( SONAME_LIBGNUTLS, RTLD_NOW ))) { ERR_(winediag)( "failed to load libgnutls, no support for pfx import/export\n" );
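Review bot: In crypt32's gnutls_initialize() the library is loaded for pfx import/export (per the ERR message right after the new line), so the setenv() looks unrelated to TLS when this file is read on its own. A short comment that it is here only because the first dlopen( SONAME_LIBGNUTLS ) in the process decides which priority file gnutls reads would keep someone from removing it later as dead code. The same line is added in bcrypt and secur32 as well, so the comment should be identical at each call site to keep them in sync.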
Hi,
While running your changed tests, I think I found new failures. Being a bot and all I'm not very good at pattern recognition, so I might be wrong, but could you please double-check?
Full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=81729
Your paranoid android.
=== debiant (32 bit WoW report) ===
bcrypt:
bcrypt.c:2638: Test failed: got 243
bcrypt.c:2648: Test failed: got c000a000
Signed-off-by: Paul Gofman pgofman@codeweavers.com --- dlls/secur32/schannel_gnutls.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/dlls/secur32/schannel_gnutls.c b/dlls/secur32/schannel_gnutls.c index c4a36a899a0..7d7e3dd9e96 100644 --- a/dlls/secur32/schannel_gnutls.c +++ b/dlls/secur32/schannel_gnutls.c @@ -979,6 +979,7 @@ BOOL schan_imp_init(void) { int ret;
+ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0); libgnutls_handle = dlopen(SONAME_LIBGNUTLS, RTLD_NOW); if (!libgnutls_handle) {
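Review bot: With the overwrite argument set to 0, the setenv() in schan_imp_init() does nothing when GNUTLS_SYSTEM_PRIORITY_FILE is already set, and nothing afterwards tells the two cases apart. Since this is the schannel path, checking getenv("GNUTLS_SYSTEM_PRIORITY_FILE") first and reporting which case applies would make it clear whether the system policy was bypassed or a user-supplied priority file is in effect.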
On 11/11/20 18:12, Hans Leidekker wrote:
Do you mean print that each time we load gnutls, a WARN to winediag?
On Wed, 2020-11-11 at 18:14 +0300, Paul Gofman wrote:
I think the default debug channel would be more appropriate.
On 11/11/20 18:28, Hans Leidekker wrote:
Yeah, I will do that, will probably check if the env var is set already to make the message more informative.