From 697c882d193d22c03c611aa80f97970e4908896f Mon Sep 17 00:00:00 2001 From: pawelz Date: Wed, 25 Aug 2010 10:17:47 +0000 Subject: [PATCH] - fix for https://bugzilla.gnome.org/show_bug.cgi?id=622857 backported from libsoup git Changed files: libsoup-gnutls-TLS1.2.patch -> 1.1 --- libsoup-gnutls-TLS1.2.patch | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 libsoup-gnutls-TLS1.2.patch diff --git a/libsoup-gnutls-TLS1.2.patch b/libsoup-gnutls-TLS1.2.patch new file mode 100644 index 0000000..8c0d284 --- /dev/null +++ b/libsoup-gnutls-TLS1.2.patch @@ -0,0 +1,24 @@ +author Dan Winship 2010-06-29 13:43:20 (GMT) + + Disable TLS 1.2 in addition to 1.0 and 1.1 Due to bug 581342 we want to + only negotiate SSL 3.0. Previously we were telling gnutls to not do TLS1.0 + or TLS1.1, but that means with newer versions of gnutls that support + TLS1.2 it would try to negotiate that instead and generally fail. Fix that + by disabling TLS1.2 too (which works fine even with gnutls versions that + don't support TLS1.2 yet). + + https://bugzilla.gnome.org/show_bug.cgi?id=622857 + +diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c +index cb0fbe5..0b57f28 100644 +--- a/libsoup/soup-gnutls.c ++++ b/libsoup/soup-gnutls.c +@@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking, + goto THROW_CREATE_ERROR; + + /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */ +- if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) ++ if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) + goto THROW_CREATE_ERROR; + + if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, -- 2.43.0