1 From 6b213b593c5b499679506a8c169ff3f0f4d6a34f Mon Sep 17 00:00:00 2001
2 From: John Papandriopoulos <jpap@users.noreply.github.com>
3 Date: Thu, 20 Aug 2015 16:55:39 -0700
4 Subject: [PATCH] Use of newer gnutls_priority_set_direct API
8 src/stream.c | 13 +++++++++++++
9 2 files changed, 14 insertions(+)
11 diff --git a/configure.ac b/configure.ac
12 index 91e69e3..281a044 100644
15 @@ -46,6 +46,7 @@ AC_CHECK_FUNCS(getopt_long)
16 AC_CHECK_FUNCS(getaddrinfo)
18 AM_PATH_LIBGNUTLS(,AC_DEFINE(HAVE_GNUTLS,,"Use libgnutls"))
19 +AM_PATH_LIBGNUTLS(,AC_CHECK_FUNCS(gnutls_priority_set_direct))
21 dnl Check -Wall flag of GCC
22 if test "x$GCC" = "xyes"; then
23 diff --git a/src/stream.c b/src/stream.c
24 index e8a1e8c..7d19a82 100644
27 @@ -63,11 +63,20 @@ tls_pull (iksparser *prs, char *buffer, size_t len)
29 handshake (struct stream_data *data)
31 +#if HAVE_GNUTLS_PRIORITY_SET_DIRECT
32 + const char *priorities =
34 + ":+VERS-TLS1.0:+VERS-SSL3.0"
36 + ":+3DES-CBC:+ARCFOUR-128"
37 + ":+SHA1:+SHA256:+SHA384:+MD5";
39 const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
40 const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
41 const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
42 const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
43 const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
47 if (gnutls_global_init () != 0)
48 @@ -80,11 +89,15 @@ handshake (struct stream_data *data)
49 gnutls_certificate_free_credentials (data->cred);
52 +#if HAVE_GNUTLS_PRIORITY_SET_DIRECT
53 + gnutls_priority_set_direct (data->sess, priorities, NULL);
55 gnutls_protocol_set_priority (data->sess, protocol_priority);
56 gnutls_cipher_set_priority(data->sess, cipher_priority);
57 gnutls_compression_set_priority(data->sess, comp_priority);
58 gnutls_kx_set_priority(data->sess, kx_priority);
59 gnutls_mac_set_priority(data->sess, mac_priority);
61 gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred);
63 gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push);