[gtk-vnc] Allow default TLS priority to be set at build time



commit b764182f39920d5166102afd0d4a14a933d34a25
Author: Daniel P. Berrange <berrange redhat com>
Date:   Mon Jun 6 10:39:19 2016 +0100

    Allow default TLS priority to be set at build time
    
    Add a --with-tls-priority flag to configure which takes a
    GNUTLS cipher/protocol priority string, overriding the
    built-in default of "NORMAL".
    
    Signed-off-by: Daniel P. Berrange <berrange redhat com>

 configure.ac        |   12 ++++++++++++
 gtk-vnc.spec.in     |   16 ++++++++++++++--
 src/vncconnection.c |    2 +-
 3 files changed, 27 insertions(+), 3 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index b0e8448..1460341 100644
--- a/configure.ac
+++ b/configure.ac
@@ -246,6 +246,17 @@ AC_SUBST(PULSEAUDIO_LIBS)
 
 AM_PATH_LIBGCRYPT($GCRYPT_REQUIRED)
 
+
+AC_ARG_WITH([tls-priority],
+  [AS_HELP_STRING([--with-tls-priority],
+    [set the default TLS session priority string @<:@default=NORMAL@:>@])],
+  [],
+  [with_tls_priority=NORMAL])
+
+AC_DEFINE_UNQUOTED([TLS_PRIORITY], ["$with_tls_priority"],
+                  [TLS default priority string])
+
+
 PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED)
 AC_SUBST(GNUTLS_CFLAGS)
 AC_SUBST(GNUTLS_LIBS)
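Review bot: The new `AC_ARG_WITH([tls-priority], ...)` has an empty action-if-given, so a bare `--with-tls-priority` or `--without-tls-priority` leaves `with_tls_priority` as `yes` or `no`, and that word is then baked into `TLS_PRIORITY`. Neither is a meaningful priority string, so the build would succeed and the failure would presumably only show up when a TLS session is set up. I would reject those values at configure time, for example `AS_CASE([$with_tls_priority], [yes|no|""], [AC_MSG_ERROR([--with-tls-priority requires a GnuTLS priority string])])`. The value is also pasted unescaped into a C string literal by `AC_DEFINE_UNQUOTED`, so a comment noting that it must not contain `"` or `\` would help packagers.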
@@ -465,4 +476,5 @@ Configure summary:
        SASL support................:  ${enable_sasl}
        PulseAudio support..........:  ${HAVE_PULSEAUDIO}
        GTK+ version................:  ${GTK_API_VERSION}
+       TLS priority................:  ${with_tls_priority}
 "
diff --git a/gtk-vnc.spec.in b/gtk-vnc.spec.in
index 135b564..b6ae5ee 100644
--- a/gtk-vnc.spec.in
+++ b/gtk-vnc.spec.in
@@ -17,6 +17,16 @@
 
 %global with_pulse 1
 
+%if 0%{?fedora} >= 25
+    %global tls_priority "@LIBVIRT,SYSTEM"
+%else
+    %if 0%{?fedora} >= 21
+        %global tls_priority "@SYSTEM"
+    %else
+        %global tls_priority "NORMAL"
+    %endif
+%endif
+
 Summary: A GTK2 widget for VNC clients
 Name: gtk-vnc
 Version: @VERSION@
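Review bot: The `%global tls_priority` block has no comment saying what `@LIBVIRT,SYSTEM` and `@SYSTEM` mean or why the Fedora 21 and 25 cut-offs were chosen. These look like GnuTLS system-policy keywords (presumably a LIBVIRT entry with a fallback to SYSTEM), which would mean the effective cipher and protocol set is decided by the host's crypto policy rather than by this package; anyone auditing TLS strength needs to know that. I would add above the block `# Defer to the system-wide GnuTLS crypto policy where the distro provides one; NORMAL otherwise`. The macro values carry their own double quotes, which the two `%configure` lines later in the file rely on the shell to strip.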
@@ -166,14 +176,16 @@ cp -a gtk-vnc-%{version} gtk-vnc2-%{version}
 %endif
 
 cd gtk-vnc-%{version}
-%configure --with-gtk=2.0 %{gir_arg}
+%configure --with-gtk=2.0 %{gir_arg} \
+          --with-tls-priority=%{tls_priority}
 %__make %{?_smp_mflags} V=1
 chmod -x examples/*.pl examples/*.js examples/*.py
 cd ..
 
 %if %{with_gtk3}
 cd gtk-vnc2-%{version}
-%configure --with-gtk=3.0 %{gir_arg}
+%configure --with-gtk=3.0 %{gir_arg} \
+          --with-tls-priority=%{tls_priority}
 %__make %{?_smp_mflags} V=1
 chmod -x examples/*.pl examples/*.js examples/*.py
 cd ..
diff --git a/src/vncconnection.c b/src/vncconnection.c
index 0f439e3..3d6e77e 100644
--- a/src/vncconnection.c
+++ b/src/vncconnection.c
@@ -4254,7 +4254,7 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
 static gboolean vnc_connection_start_tls(VncConnection *conn, int anonTLS)
 {
     VncConnectionPrivate *priv = conn->priv;
-    const char *priority = anonTLS ? "NORMAL:+ANON-DH" : "NORMAL";
+    const char *priority = anonTLS ? TLS_PRIORITY ":+ANON-DH" : TLS_PRIORITY;
     int ret;
 
     VNC_DEBUG("Do TLS handshake");
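Review bot: The anonTLS branch appends `:+ANON-DH` to whatever `TLS_PRIORITY` was chosen at build time, so a policy keyword that deliberately leaves out anonymous key exchange has it added back for this session type, and nothing on the line says that this is intended. Anonymous DH encrypts the session without authenticating the server, so I would add a comment such as `/* anon TLS auth type: the server is not authenticated; +ANON-DH is layered on top of the configured policy */`. The expression also depends on `TLS_PRIORITY` expanding to a string literal for the adjacent-literal concatenation to compile. The rest of vnc_connection_start_tls is outside the hunk, so whether a rejected priority string fails the connection cleanly cannot be confirmed from here.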

