1
0
mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00

Bug 712, ssl_set_no_tls: Disable TLS protocols for GnuTLS too.

And log this in NEWS, although that may have to be reverted later if
it turns out this change just hides a real bug elsewhere in ELinks.
This commit is contained in:
Kalle Olavi Niemitalo 2007-04-21 13:58:20 +03:00 committed by Kalle Olavi Niemitalo
parent d33579bb2f
commit 2f25d3e57c
2 changed files with 17 additions and 0 deletions

1
NEWS
View File

@ -100,6 +100,7 @@ roughly in decreasing order of importance.
- (enhancement) FSP progress indicator and password prompt.
- (bugfix) Support much longer locale-specific timestamps when
formatting a directory listing. LC_TIME=fi_FI.UTF-8 now works.
- (bugfix 712) GnuTLS works on https://www-s.uiuc.edu
* Changes in parsing and rendering of HTML (without DOM)
- (bugfix) Use frame->name instead of target avoiding possible segfault.
- (bugfix 284) Render closing parentheses for HTML elements SUB, SUP

View File

@ -58,11 +58,27 @@
#endif
/* Refuse to negotiate TLS 1.0 and later protocols on @socket->ssl.
* Without this, connecting to <https://www-s.uiuc.edu/> with GnuTLS
* 1.3.5 would result in an SSL error. The bug may be in the server
* (Netscape-Enterprise/3.6 SP3), in GnuTLS, or in ELinks; please log
* your findings to ELinks bug 712. */
static void
ssl_set_no_tls(struct socket *socket)
{
#ifdef CONFIG_OPENSSL
((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
#elif defined(CONFIG_GNUTLS)
{
/* GnuTLS does not support SSLv2 because it is "insecure".
* That leaves only SSLv3. */
static const int protocol_priority[] = {
GNUTLS_SSL3,
0
};
gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
}
#endif
}