libsoup-gnutls-TLS1.2.patch

   1 author  Dan Winship <danw@gnome.org>    2010-06-29 13:43:20 (GMT)
   2
   3         Disable TLS 1.2 in addition to 1.0 and 1.1 Due to bug 581342 we want to
   4         only negotiate SSL 3.0. Previously we were telling gnutls to not do TLS1.0
   5         or TLS1.1, but that means with newer versions of gnutls that support
   6         TLS1.2 it would try to negotiate that instead and generally fail. Fix that
   7         by disabling TLS1.2 too (which works fine even with gnutls versions that
   8         don't support TLS1.2 yet).
   9
  10         https://bugzilla.gnome.org/show_bug.cgi?id=622857
  11
  12 diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c
  13 index cb0fbe5..0b57f28 100644
  14 --- a/libsoup/soup-gnutls.c
  15 +++ b/libsoup/soup-gnutls.c
  16 @@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking,
  17                 goto THROW_CREATE_ERROR;
  18
  19         /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
  20 -       if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
  21 +       if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
  22                 goto THROW_CREATE_ERROR;
  23
  24         if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,