Home Explore Help
Register Sign In
hebinlong
/
aria2
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

2009-07-09 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>

	Removed TLS1.1 protocol support when aria2 is built with gnutls
	for compatibility issue.
	* src/SocketCore.cc
Tatsuhiro Tsujikawa 16 years ago
parent
96113c0745
commit
53d2a64cc5
2 changed files with 17 additions and 1 deletions
Split View Show Diff Stats
  1. 6 0
      ChangeLog
  2. 11 1
      src/SocketCore.cc

+ 6 - 0
ChangeLog
View File 

@@ -1,3 +1,9 @@
 
+2009-07-09  Tatsuhiro Tsujikawa  <t-tujikawa@users.sourceforge.net>
 
+
 
+	Removed TLS1.1 protocol support when aria2 is built with gnutls
 
+	for compatibility issue.
 
+	* src/SocketCore.cc
 
+
 
 2009-07-09  Tatsuhiro Tsujikawa  <t-tujikawa@users.sourceforge.net>
 
 
 	Fixed compile error with openSSL

+ 11 - 1
src/SocketCore.cc
View File 

@@ -742,8 +742,18 @@ void SocketCore::prepareSecureConnection()
 
     }
 
 #endif // HAVE_LIBSSL
 
 #ifdef HAVE_LIBGNUTLS
 
+    int r;
 
     gnutls_init(&sslSession, GNUTLS_CLIENT);
 
-    gnutls_set_default_priority(sslSession);
 
+    // It seems err is not error message, but the argument string
 
+    // which causes syntax error.
 
+    const char* err;
 
+    // Disables TLS1.1 here because there are servers that don't
 
+    // understand TLS1.1.
 
+    r = gnutls_priority_set_direct(sslSession, "NORMAL:!VERS-TLS1.1", &err);
 
+    if(r != GNUTLS_E_SUCCESS) {
 
+      throw DL_ABORT_EX
 
+	(StringFormat(EX_SSL_INIT_FAILURE, gnutls_strerror(r)).str());
 
+    }
 
     // put the x509 credentials to the current session
 
     gnutls_credentials_set(sslSession, GNUTLS_CRD_CERTIFICATE,
 
 			   _tlsContext->getCertCred());