s3:lib:tls: Use better priority lists for modern GnuTLS

We should use the default priority list. That is a good practice,
because TLS protocol hardening and phasing out of legacy algorithms,
is easier to co-ordinate when happens at a single place. See crypto
policies of Fedora.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184

python/samba/tests/docs.py

@@ -26,6 +26,21 @@ import os
 import subprocess
 import xml.etree.ElementTree as ET
 
+config_h = os.path.join("bin/default/include/config.h")
+config_hash = dict()
+
+if os.path.exists(config_h):
+    config_hash = dict()
+    f = open(config_h, 'r')
+    try:
+        lines = f.readlines()
+        config_hash = dict((x[0], ' '.join(x[1:]))
+                           for x in map(lambda line: line.strip().split(' ')[1:],
+                                        list(filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines))))
+    finally:
+        f.close()
+
+have_gnutls_system_config_support = ("HAVE_GNUTLS_SET_DEFAULT_PRIORITY_APPEND" in config_hash)
 
 class TestCase(samba.tests.TestCaseInTempDir):
 
@@ -128,6 +143,11 @@ class SmbDotConfTests(TestCase):
         'smbd max async dosmode',
     ])
 
+    # 'tls priority' has a legacy default value if we don't link against a
+    # modern GnuTLS version.
+    if not have_gnutls_system_config_support:
+        special_cases.add('tls priority')
+
     def setUp(self):
         super(SmbDotConfTests, self).setUp()
         # create a minimal smb.conf file for testparm