Line
Link Here
|
0 |
-- a/src/stream.c |
0 |
++ b/src/stream.c |
Lines 62-74
Link Here
|
62 |
|
62 |
|
63 |
static int |
63 |
static int |
64 |
handshake (struct stream_data *data) |
64 |
handshake (struct stream_data *data) |
65 |
{ |
65 |
{ |
66 |
const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; |
66 |
const char *priority_string = "SECURE256:+SECURE192:-VERS-TLS-ALL:+VERS-TLS1.2"; |
67 |
const int kx_priority[] = { GNUTLS_KX_RSA, 0 }; |
|
|
68 |
const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; |
69 |
const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; |
70 |
const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; |
71 |
int ret; |
67 |
int ret; |
72 |
|
68 |
|
73 |
if (gnutls_global_init () != 0) |
69 |
if (gnutls_global_init () != 0) |
74 |
return IKS_NOMEM; |
70 |
return IKS_NOMEM; |
Lines 79-91
Link Here
|
79 |
if (gnutls_init (&data->sess, GNUTLS_CLIENT) != 0) { |
75 |
if (gnutls_init (&data->sess, GNUTLS_CLIENT) != 0) { |
80 |
gnutls_certificate_free_credentials (data->cred); |
76 |
gnutls_certificate_free_credentials (data->cred); |
81 |
return IKS_NOMEM; |
77 |
return IKS_NOMEM; |
82 |
} |
78 |
} |
83 |
gnutls_protocol_set_priority (data->sess, protocol_priority); |
79 |
gnutls_priority_set_direct(data->sess, priority_string, NULL); |
84 |
gnutls_cipher_set_priority(data->sess, cipher_priority); |
|
|
85 |
gnutls_compression_set_priority(data->sess, comp_priority); |
86 |
gnutls_kx_set_priority(data->sess, kx_priority); |
87 |
gnutls_mac_set_priority(data->sess, mac_priority); |
88 |
gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred); |
80 |
gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred); |
89 |
|
81 |
|
90 |
gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push); |
82 |
gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push); |
91 |
gnutls_transport_set_pull_function (data->sess, (gnutls_pull_func) tls_pull); |
83 |
gnutls_transport_set_pull_function (data->sess, (gnutls_pull_func) tls_pull); |