diff --git a/0001-Add-support-for-using-gnutls-system-wide-crypto-poli.patch b/0001-Add-support-for-using-gnutls-system-wide-crypto-poli.patch new file mode 100644 index 0000000..164da4a --- /dev/null +++ b/0001-Add-support-for-using-gnutls-system-wide-crypto-poli.patch @@ -0,0 +1,53 @@ +From 48a94ee1ef77d26718edd3d5892a2555194e2b8f Mon Sep 17 00:00:00 2001 +From: Athmane Madjoudj +Date: Tue, 16 Feb 2016 23:09:54 +0100 +Subject: [PATCH] Add support for using gnutls system wide crypto policy + +--- + configure.ac | 7 +++++++ + src/LibgnutlsTLSSession.cc | 4 ++++ + 2 files changed, 11 insertions(+) + +diff --git a/configure.ac b/configure.ac +index e71db40..50d60bf 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -95,6 +95,13 @@ AC_ARG_WITH([bashcompletiondir], + + AC_ARG_VAR([ARIA2_STATIC], [Set 'yes' to build a statically linked aria2]) + ++AC_ARG_ENABLE([gnutls-system-crypto-policy], ++ AS_HELP_STRING([--enable-gnutls-system-crypto-policy], [Enable gnutls system wide crypto policy])) ++ ++AS_IF([test "x$enable_gnutls_system_crypto_policy" = "xyes"], [ ++ AC_DEFINE([USE_GNUTLS_SYSTEM_CRYPTO_POLICY], [1], [Define to 1 if using gnutls system wide crypto policy .]) ++]) ++ + # Checks for programs. + AC_PROG_CXX + AC_PROG_CC +diff --git a/src/LibgnutlsTLSSession.cc b/src/LibgnutlsTLSSession.cc +index 37523d9..21196bc 100644 +--- a/src/LibgnutlsTLSSession.cc ++++ b/src/LibgnutlsTLSSession.cc +@@ -128,6 +128,9 @@ int GnuTLSSession::init(sock_t sockfd) + // It seems err is not error message, but the argument string + // which causes syntax error. + const char* err; ++#ifdef USE_GNUTLS_SYSTEM_CRYPTO_POLICY ++ rv_ = gnutls_priority_set_direct(sslSession_, "@SYSTEM", &err); ++#else + std::string pri = "SECURE128:+SIGN-RSA-SHA1"; + switch (tlsContext_->getMinTLSVersion()) { + case TLS_PROTO_TLS12: +@@ -142,6 +145,7 @@ int GnuTLSSession::init(sock_t sockfd) + break; + }; + rv_ = gnutls_priority_set_direct(sslSession_, pri.c_str(), &err); ++#endif + if (rv_ != GNUTLS_E_SUCCESS) { + return TLS_ERR_ERROR; + } +-- +2.5.0 +