From 9d8e88fc422b23817037b190d4745867517ad166 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Thu, 27 Nov 2014 16:41:48 +0000
Subject: [PATCH] Add upstreamed version of no-curve patch
---
...ith-old-gnutls-version-completely-di.patch | 32 +++++++++++++++++++
openconnect-6.00-no-ecdhe.patch | 21 ------------
openconnect.spec | 7 ++--
3 files changed, 37 insertions(+), 23 deletions(-)
create mode 100644 0001-When-compiling-with-old-gnutls-version-completely-di.patch
delete mode 100644 openconnect-6.00-no-ecdhe.patch
diff --git a/0001-When-compiling-with-old-gnutls-version-completely-di.patch b/0001-When-compiling-with-old-gnutls-version-completely-di.patch
new file mode 100644
index 0000000..e5d7a12
--- /dev/null
+++ b/0001-When-compiling-with-old-gnutls-version-completely-di.patch
@@ -0,0 +1,32 @@
+From eb34177f1db31df3276b3d5ae1207390b1bb1edf Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Thu, 27 Nov 2014 16:24:08 +0000
+Subject: [PATCH] When compiling with old gnutls version completely disable
+ ECDHE instead of disabling the curves
+
+Signed-off-by: David Woodhouse
+---
+ gnutls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gnutls.c b/gnutls.c
+index e4fcfb7..feb1b27 100644
+--- a/gnutls.c
++++ b/gnutls.c
+@@ -1971,7 +1971,7 @@ static int verify_peer(gnutls_session_t session)
+ # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \
+ "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION"
+ # if GNUTLS_VERSION_MAJOR >= 3
+-# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL"
++# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA"
+ #else
+ # define DEFAULT_PRIO _DEFAULT_PRIO
+ # endif
+--
+2.1.0
+
+--- ./version.c.orig 2014-11-27 16:39:58.924714506 +0000
++++ ./version.c 2014-11-27 16:40:00.648735281 +0000
+@@ -1 +1 @@
+-const char *openconnect_version_str = "v7.00";
++const char *openconnect_version_str = "v7.00-1-geb34177";
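Review bot: The `DEFAULT_PRIO` define in the `GNUTLS_VERSION_MAJOR >= 3` branch now appends `:-ECDHE-RSA:-ECDHE-ECDSA` with no comment saying why or for which GnuTLS releases, so a later reader cannot tell when ECDHE can be restored. Sessions that use this default lose ECDHE key exchange on top of the TLS 1.0-only and `%DISABLE_SAFE_RENEGOTIATION` settings already in `_DEFAULT_PRIO`; whether any forward-secret suite remains depends on what `NORMAL` enables in that GnuTLS build, which the hunk does not show. I would add above the define something like `/* ECDHE is disabled outright on this GnuTLS range (upstream eb34177); restore it once the affected versions are no longer supported */`. The enclosing `#if` starts outside the hunk, so the version bound that makes this the "old gnutls" case named in the subject is not visible here and is worth stating in the comment too.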
diff --git a/openconnect-6.00-no-ecdhe.patch b/openconnect-6.00-no-ecdhe.patch
deleted file mode 100644
index aeb75e1..0000000
--- a/openconnect-6.00-no-ecdhe.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/gnutls.c b/gnutls.c
-index 13fb36c..1c1921f 100644
---- a/gnutls.c
-+++ b/gnutls.c
-@@ -1854,7 +1854,7 @@ static int verify_peer(gnutls_session_t session)
- # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \
- "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION"
- # if GNUTLS_VERSION_MAJOR >= 3
--# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL"
-+# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA"
- #else
- # define DEFAULT_PRIO _DEFAULT_PRIO
- # endif
-@@ -1983,7 +1983,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
- } else {
- prio = DEFAULT_PRIO;
- }
--
- err = gnutls_priority_set_direct(vpninfo->https_sess,
- prio, NULL);
- if (err) {
diff --git a/openconnect.spec b/openconnect.spec
index f70a981..e4e7ccb 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -13,14 +13,14 @@ Name: openconnect Version: 7.00 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz -Patch0: openconnect-6.00-no-ecdhe.patch +Patch0: 0001-When-compiling-with-old-gnutls-version-completely-di.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0)
@@ -101,6 +101,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Nov 27 2014 David Woodhouse - 7.00-2 +- Add upstreamed version of Nikos' curve patch with version.c fixed + * Thu Nov 27 2014 David Woodhouse - 7.00-1 - Update to 7.00 release