diff options
author | Dan Fandrich <dan@coneharvesters.com> | 2014-07-11 23:55:53 +0200 |
---|---|---|
committer | Dan Fandrich <dan@coneharvesters.com> | 2014-07-12 00:11:44 +0200 |
commit | 447c31ce9d62913302040304e3f3d9d43743c71f (patch) | |
tree | ca5ab873fda5ced541a8b1720d2763f72e98a6a0 | |
parent | d582c272a6782a28d9f14547b19564a2292e2a80 (diff) | |
download | curl-447c31ce9d62913302040304e3f3d9d43743c71f.tar.gz curl-447c31ce9d62913302040304e3f3d9d43743c71f.tar.bz2 curl-447c31ce9d62913302040304e3f3d9d43743c71f.zip |
gnutls: explicitly added SRP to the priority string
This seems to have become necessary for SRP support to work starting
with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
before the function that takes this priority string, there should be no
issue with backward compatibility.
-rw-r--r-- | RELEASE-NOTES | 1 | ||||
-rw-r--r-- | lib/vtls/gtls.c | 8 | ||||
-rwxr-xr-x | tests/runtests.pl | 1 |
3 files changed, 6 insertions, 4 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 5f3bc0cd3..03dc74530 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -39,6 +39,7 @@ This release includes the following bugfixes: o tool: prevent valgrind from reporting possibly lost memory (nss only) o nss: fix a memory leak when CURLOPT_CRLFILE is used o gnutls: ignore invalid certificate dates with VERIFYPEER disabled + o gnutls: fix SRP support with versions of GnuTLS from 2.99.0 o This release includes the following known bugs: diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 7f920b27a..54bfef118 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -544,19 +544,19 @@ gtls_connect_step1(struct connectdata *conn, break; case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0"; + prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:+SRP"; break; case CURL_SSLVERSION_TLSv1_0: prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" - "+VERS-TLS1.0"; + "+VERS-TLS1.0:+SRP"; break; case CURL_SSLVERSION_TLSv1_1: prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" - "+VERS-TLS1.1"; + "+VERS-TLS1.1:+SRP"; break; case CURL_SSLVERSION_TLSv1_2: prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" - "+VERS-TLS1.2"; + "+VERS-TLS1.2:+SRP"; break; case CURL_SSLVERSION_SSLv2: default: diff --git a/tests/runtests.pl b/tests/runtests.pl index 810b80732..da71414f8 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -1452,6 +1452,7 @@ sub runhttptlsserver { $flags .= "--http "; $flags .= "--debug 1 " if($debugprotocol); $flags .= "--port $port "; + $flags .= "--priority NORMAL:+SRP "; $flags .= "--srppasswd $srcdir/certs/srp-verifier-db "; $flags .= "--srppasswdconf $srcdir/certs/srp-verifier-conf"; |