1
0
mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00

Use gnutls_set_default_priority.

Thereby enabling TLS 1.2 on GnuTLS versions that support it.
This commit is contained in:
Simon Josefsson 2007-04-20 11:28:04 +02:00 committed by Witold Filipczyk
parent e2f26e45f8
commit 8c53b32be7
2 changed files with 1 additions and 85 deletions

View File

@ -63,83 +63,6 @@ ssl_set_no_tls(struct socket *socket)
{
#ifdef CONFIG_OPENSSL
((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
#elif defined(CONFIG_GNUTLS)
/* We do a little more work here, setting up all these priorities (like
* they couldn't have some reasonable defaults there).. */
{
int protocol_priority[3] = {
GNUTLS_TLS1,
GNUTLS_SSL3,
0
};
gnutls_protocol_set_priority(*((ssl_t *) socket->ssl), protocol_priority);
}
/* Note that I have no clue about these; I just put all I found here
* ;-). It is all a bit confusing for me, and I just want this to work.
* Feel free to send me patch removing useless superfluous bloat,
* thanks in advance. --pasky */
{
int cipher_priority[5] = {
GNUTLS_CIPHER_RIJNDAEL_128_CBC,
GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_ARCFOUR,
GNUTLS_CIPHER_RIJNDAEL_256_CBC,
0
};
gnutls_cipher_set_priority(*((ssl_t *) socket->ssl), cipher_priority);
}
{
/* Does any httpd support this..? ;) */
int comp_priority[3] = {
GNUTLS_COMP_ZLIB,
GNUTLS_COMP_NULL,
0
};
gnutls_compression_set_priority(*((ssl_t *) socket->ssl), comp_priority);
}
{
int kx_priority[5] = {
GNUTLS_KX_RSA,
GNUTLS_KX_DHE_DSS,
GNUTLS_KX_DHE_RSA,
/* Looks like we don't want SRP, do we? */
GNUTLS_KX_ANON_DH,
0
};
gnutls_kx_set_priority(*((ssl_t *) socket->ssl), kx_priority);
}
{
int mac_priority[3] = {
GNUTLS_MAC_SHA,
GNUTLS_MAC_MD5,
0
};
gnutls_mac_set_priority(*((ssl_t *) socket->ssl), mac_priority);
}
{
int cert_type_priority[2] = {
GNUTLS_CRT_X509,
/* We don't link with -extra now; by time of writing
* this, it's unclear where OpenPGP will end up. */
0
};
gnutls_certificate_type_set_priority(*((ssl_t *) socket->ssl), cert_type_priority);
}
gnutls_dh_set_prime_bits(*((ssl_t *) socket->ssl), 1024);
#endif
}

View File

@ -107,9 +107,6 @@ static struct module openssl_module = struct_module(
gnutls_anon_client_credentials_t anon_cred = NULL;
gnutls_certificate_credentials_t xcred = NULL;
const static int protocol_priority[16] = {
GNUTLS_TLS1, GNUTLS_SSL3, 0
};
const static int kx_priority[16] = {
GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP,
/* Do not use anonymous authentication, unless you know what that means */
@ -119,8 +116,6 @@ const static int cipher_priority[16] = {
GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_ARCFOUR_128,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_ARCFOUR_40, 0
};
const static int comp_priority[16] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
const static int mac_priority[16] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
const static int cert_type_priority[16] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
static void
@ -232,12 +227,10 @@ init_ssl_connection(struct socket *socket)
return S_SSL_ERROR;
}
gnutls_set_default_priority(*state);
gnutls_handshake_set_private_extensions(*state, 1);
gnutls_cipher_set_priority(*state, cipher_priority);
gnutls_compression_set_priority(*state, comp_priority);
gnutls_kx_set_priority(*state, kx_priority);
gnutls_protocol_set_priority(*state, protocol_priority);
gnutls_mac_set_priority(*state, mac_priority);
gnutls_certificate_type_set_priority(*state, cert_type_priority);
gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name,
sizeof(server_name) - 1);