When compiling with old gnutls version completely disable ECDHE instead of disabling the curves.

Conflicts:
	openconnect.spec

openconnect-6.00-no-ecdhe.patch

@@ -0,0 +1,21 @@
+diff --git a/gnutls.c b/gnutls.c
+index 13fb36c..1c1921f 100644
+--- a/gnutls.c
++++ b/gnutls.c
+@@ -1854,7 +1854,7 @@ static int verify_peer(gnutls_session_t session)
+ # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \
+ 	"%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION"
+ # if GNUTLS_VERSION_MAJOR >= 3
+-#  define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL"
++#  define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA"
+ #else
+ #  define DEFAULT_PRIO _DEFAULT_PRIO
+ # endif
+@@ -1983,7 +1983,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
+ 	} else {
+ 		prio = DEFAULT_PRIO;
+ 	}
+-
+ 	err = gnutls_priority_set_direct(vpninfo->https_sess,
+ 					prio, NULL);
+ 	if (err) {

openconnect.spec

@@ -20,6 +20,7 @@ Group:		Applications/Internet
 License:	LGPLv2+
 URL:		http://www.infradead.org/openconnect.html
 Source0:	ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz
+Patch0:		openconnect-6.00-no-ecdhe.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	pkgconfig(openssl) pkgconfig(libxml-2.0)
@@ -62,6 +63,8 @@ for NetworkManager etc.
 %prep
 %setup -q
 
+%patch0 -p1 -b .no-ecdhe
+
 %build
 %configure	--with-vpnc-script=/etc/vpnc/vpnc-script \
 %if !%{use_gnutls}
@@ -98,6 +101,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/openconnect.pc
 
 %changelog
+* Tue Sep 16 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 6.00-2
+- When compiling with old gnutls version completely disable ECDHE instead
+  of disabling the curves.
+
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.00-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild