| 697c882d |
1 | author Dan Winship <danw@gnome.org> 2010-06-29 13:43:20 (GMT) |
| 2 | |
| 3 | Disable TLS 1.2 in addition to 1.0 and 1.1 Due to bug 581342 we want to |
| 4 | only negotiate SSL 3.0. Previously we were telling gnutls to not do TLS1.0 |
| 5 | or TLS1.1, but that means with newer versions of gnutls that support |
| 6 | TLS1.2 it would try to negotiate that instead and generally fail. Fix that |
| 7 | by disabling TLS1.2 too (which works fine even with gnutls versions that |
| 8 | don't support TLS1.2 yet). |
| 9 | |
| 10 | https://bugzilla.gnome.org/show_bug.cgi?id=622857 |
| 11 | |
| 12 | diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c |
| 13 | index cb0fbe5..0b57f28 100644 |
| 14 | --- a/libsoup/soup-gnutls.c |
| 15 | +++ b/libsoup/soup-gnutls.c |
| 16 | @@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking, |
| 17 | goto THROW_CREATE_ERROR; |
| 18 | |
| 19 | /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */ |
| 20 | - if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) |
| 21 | + if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) |
| 22 | goto THROW_CREATE_ERROR; |
| 23 | |
| 24 | if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, |
projects / packages / libsoup.git / blame