init3/aria2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Forgot the patch

Browse source
This commit is contained in:
Athmane Madjoudj 2016-02-18 22:57:32 +01:00
parent 5cfbd79443
commit 8d8afcd7d4
1 changed files with 53 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

53
0001-Add-support-for-using-gnutls-system-wide-crypto-poli.patch Normal file
View file

@ -0,0 +1,53 @@
From 48a94ee1ef77d26718edd3d5892a2555194e2b8f Mon Sep 17 00:00:00 2001
From: Athmane Madjoudj <athmane@fedoraproject.org>
Date: Tue, 16 Feb 2016 23:09:54 +0100
Subject: [PATCH] Add support for using gnutls system wide crypto policy
---
configure.ac | 7 +++++++
src/LibgnutlsTLSSession.cc | 4 ++++
2 files changed, 11 insertions(+)
diff --git a/configure.ac b/configure.ac
index e71db40..50d60bf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -95,6 +95,13 @@ AC_ARG_WITH([bashcompletiondir],
AC_ARG_VAR([ARIA2_STATIC], [Set 'yes' to build a statically linked aria2])
+AC_ARG_ENABLE([gnutls-system-crypto-policy],
+ AS_HELP_STRING([--enable-gnutls-system-crypto-policy], [Enable gnutls system wide crypto policy]))
+
+AS_IF([test "x$enable_gnutls_system_crypto_policy" = "xyes"], [
+ AC_DEFINE([USE_GNUTLS_SYSTEM_CRYPTO_POLICY], [1], [Define to 1 if using gnutls system wide crypto policy .])
+])
+
# Checks for programs.
AC_PROG_CXX
AC_PROG_CC
diff --git a/src/LibgnutlsTLSSession.cc b/src/LibgnutlsTLSSession.cc
index 37523d9..21196bc 100644
--- a/src/LibgnutlsTLSSession.cc
+++ b/src/LibgnutlsTLSSession.cc
@@ -128,6 +128,9 @@ int GnuTLSSession::init(sock_t sockfd)
// It seems err is not error message, but the argument string
// which causes syntax error.
const char* err;
+#ifdef USE_GNUTLS_SYSTEM_CRYPTO_POLICY
+ rv_ = gnutls_priority_set_direct(sslSession_, "@SYSTEM", &err);
+#else
std::string pri = "SECURE128:+SIGN-RSA-SHA1";
switch (tlsContext_->getMinTLSVersion()) {
case TLS_PROTO_TLS12:
@@ -142,6 +145,7 @@ int GnuTLSSession::init(sock_t sockfd)
break;
};
rv_ = gnutls_priority_set_direct(sslSession_, pri.c_str(), &err);
+#endif
if (rv_ != GNUTLS_E_SUCCESS) {
return TLS_ERR_ERROR;
}
--
2.5.0