$NetBSD: patch-ac,v 1.9 2016/10/01 13:03:10 joerg Exp $

--- wmbiff/tlsComm.c.orig	2004-10-11 00:29:47.000000000 +0000
+++ wmbiff/tlsComm.c
@@ -385,16 +385,16 @@ int
 tls_check_certificate(struct connection_state *scs,
 					  const char *remote_hostname)
 {
-	int certstat;
+	int verify_ret, certstat;
 	const gnutls_datum *cert_list;
 	int cert_list_size = 0;
 	gnutls_x509_crt cert;
 
 	if (gnutls_auth_get_type(scs->tls_state) != GNUTLS_CRD_CERTIFICATE) {
 		bad_certificate(scs, "Unable to get certificate from peer.\n");
-		return;					/* bad_cert will exit if -skip-certificate-check was not given */
+		return 0;					/* bad_cert will exit if -skip-certificate-check was not given */
 	}
-	certstat = gnutls_certificate_verify_peers(scs->tls_state);
+	verify_ret = gnutls_certificate_verify_peers2(scs->tls_state, &certstat);
 	if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) {
 		bad_certificate(scs, "server presented no certificate.\n");
 #ifdef GNUTLS_CERT_CORRUPTED
@@ -412,10 +412,12 @@ tls_check_certificate(struct connection_
 							"server's certificate is invalid or not X.509.\n"
 							"there may be a problem with the certificate stored in your certfile\n");
 		}
+#ifdef GNUTLS_CERT_NOT_TRUSTED
 	} else if (certstat & GNUTLS_CERT_NOT_TRUSTED) {
 		TDM(DEBUG_INFO, "server's certificate is not trusted.\n");
 		TDM(DEBUG_INFO,
 			"to verify that a certificate is trusted, use the certfile option.\n");
+#endif
 	}
 
 	if (gnutls_x509_crt_init(&cert) < 0) {
@@ -495,27 +497,9 @@ struct connection_state *initialize_gnut
 	}
 
 	assert(gnutls_init(&scs->tls_state, GNUTLS_CLIENT) == 0);
+	assert(gnutls_set_default_priority(&scs->tls_state) == 0);
+
 	{
-		const int protocols[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
-		const int ciphers[] =
-			{ GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC,
-			GNUTLS_CIPHER_RIJNDAEL_256_CBC,
-			GNUTLS_CIPHER_ARCFOUR, 0
-		};
-		const int compress[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
-		const int key_exch[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS,
-			GNUTLS_KX_DHE_RSA, 0
-		};
-		/* mutt with gnutls doesn't use kx_srp or kx_anon_dh */
-		const int mac[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
-		assert(gnutls_protocol_set_priority(scs->tls_state, protocols) ==
-			   0);
-		assert(gnutls_cipher_set_priority(scs->tls_state, ciphers) == 0);
-		assert(gnutls_compression_set_priority(scs->tls_state, compress) ==
-			   0);
-		assert(gnutls_kx_set_priority(scs->tls_state, key_exch) == 0);
-		assert(gnutls_mac_set_priority(scs->tls_state, mac) == 0);
-		/* no client private key */
 		if (gnutls_certificate_allocate_credentials(&scs->xcred) < 0) {
 			DMA(DEBUG_ERROR, "gnutls memory error\n");
 			exit(1);
