authorDan Fandrich <dan@coneharvesters.com>2014-07-11 23:55:53 +0200
committerDan Fandrich <dan@coneharvesters.com>2014-07-12 00:11:44 +0200
commit447c31ce9d62913302040304e3f3d9d43743c71f (patch)
treeca5ab873fda5ced541a8b1720d2763f72e98a6a0
parentd582c272a6782a28d9f14547b19564a2292e2a80 (diff)
gnutls: explicitly added SRP to the priority string
This seems to have become necessary for SRP support to work starting with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS before the function that takes this priority string, there should be no issue with backward compatibility.
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/vtls/gtls.c8
-rwxr-xr-xtests/runtests.pl1
3 files changed, 6 insertions, 4 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 5f3bc0cd3..03dc74530 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -39,6 +39,7 @@ This release includes the following bugfixes:
o tool: prevent valgrind from reporting possibly lost memory (nss only)
o nss: fix a memory leak when CURLOPT_CRLFILE is used
o gnutls: ignore invalid certificate dates with VERIFYPEER disabled
+ o gnutls: fix SRP support with versions of GnuTLS from 2.99.0
o
This release includes the following known bugs:
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 7f920b27a..54bfef118 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -544,19 +544,19 @@ gtls_connect_step1(struct connectdata *conn,
break;
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
- prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0";
+ prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:+SRP";
break;
case CURL_SSLVERSION_TLSv1_0:
prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
- "+VERS-TLS1.0";
+ "+VERS-TLS1.0:+SRP";
break;
case CURL_SSLVERSION_TLSv1_1:
prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
- "+VERS-TLS1.1";
+ "+VERS-TLS1.1:+SRP";
break;
case CURL_SSLVERSION_TLSv1_2:
prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
- "+VERS-TLS1.2";
+ "+VERS-TLS1.2:+SRP";
break;
case CURL_SSLVERSION_SSLv2:
default:
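Review bot: The `:+SRP` suffix is appended unconditionally in all four `prioritylist` assignments, so SRP key exchange is enabled in the priority string for every connection, not only when the build has TLS-SRP support and the caller selected SRP authentication. If the linked GnuTLS was built without SRP, the call that consumes this string (outside the hunk) may reject the keyword and fail non-SRP handshakes as well; that should be confirmed and a fallback without the suffix considered. I would define the suffix once, as `#define GNUTLS_SRP ":+SRP"` under `#ifdef USE_TLS_SRP` and empty otherwise, and append it only when the configured TLS auth type is SRP. A comment such as `/* SRP must be named explicitly from GnuTLS 2.99.0 on */` would record why it is there. The enclosing switch in gtls_connect_step1 starts and ends outside the hunk.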
diff --git a/tests/runtests.pl b/tests/runtests.pl
index 810b80732..da71414f8 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -1452,6 +1452,7 @@ sub runhttptlsserver {
$flags .= "--http ";
$flags .= "--debug 1 " if($debugprotocol);
$flags .= "--port $port ";
+ $flags .= "--priority NORMAL:+SRP ";
$flags .= "--srppasswd $srcdir/certs/srp-verifier-db ";
$flags .= "--srppasswdconf $srcdir/certs/srp-verifier-conf";