[libsoup/gnome-2-26: 23/29] Attempt better compatibility with non-TLS1.1 https servers.



commit 152a7706d6534d0a797f4b8760c5ad457c20db97
Author: Dan Winship <danw gnome org>
Date:   Fri May 8 18:11:20 2009 -0400

    Attempt better compatibility with non-TLS1.1 https servers.
    
    Try to use the (not-yet-widely-deployed) SSL3_RECORD_VERSION option in
    gnutls to make it handshake according to the backward-compatibility
    recommendations in the TLS spec. If that fails, fall back to just
    disabling TLS1.1. Should hopefully help us to work better with servers
    that freak out if you even suggest using TLS1.1.
    
    Fix based on a Pidgin patch from Martin von Gagern.
    
    http://bugzilla.gnome.org/show_bug.cgi?id=581342
---
 libsoup/soup-gnutls.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c
index b5a5f32..d3d410d 100644
--- a/libsoup/soup-gnutls.c
+++ b/libsoup/soup-gnutls.c
@@ -446,7 +446,9 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking,
 	if (ret)
 		goto THROW_CREATE_ERROR;
 
-	if (gnutls_set_default_priority (session) != 0)
+	/* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
+	if (gnutls_priority_set_direct (session, "NORMAL:%SSL3_RECORD_VERSION", NULL) != 0 &&
+	    gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1", NULL) != 0)
 		goto THROW_CREATE_ERROR;
 
 	if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,
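Review bot: The fallback in the second half of the new condition, `"NORMAL:!VERS-TLS1.1"`, switches TLS 1.1 off for every connection made through this function whenever the first priority string is rejected, and nothing records which of the two strings ended up in effect. The in-code comment is only a bug URL, so a reader of soup-gnutls.c cannot tell that the second call is a fallback for gnutls builds that do not recognise `%SSL3_RECORD_VERSION`; please say so in the comment. Both calls pass NULL as the last argument, so the position of the rejected token is discarded; consider capturing it and emitting a debug message when the fallback path is taken, so that a reduced protocol set is visible when diagnosing handshake problems. Also note that the earlier `gnutls_set_default_priority (session)` call is removed rather than kept as a last resort: if both strings are rejected the code jumps to THROW_CREATE_ERROR and no session is created, which is worth confirming as intended.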


