/*
* Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2011 Hiroyuki Yamamoto and the Claws Mail team
+ * Copyright (C) 1999-2012 Hiroyuki Yamamoto and the Claws Mail team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#ifdef HAVE_CONFIG_H
# include "config.h"
+#include "claws-features.h"
#endif
#ifdef USE_GNUTLS
#include <glib/gi18n.h>
#include <errno.h>
#include <pthread.h>
+
+#if GNUTLS_VERSION_NUMBER <= 0x020b00
#include <gcrypt.h>
GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
#include "claws.h"
#include "utils.h"
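Review bot: The new `#if GNUTLS_VERSION_NUMBER <= 0x020b00` guard is evaluated before any GnuTLS header appears in the visible include list, and an undefined macro evaluates to 0 in `#if`, so the test would be true on every GnuTLS version and `<gcrypt.h>` would still be pulled in. Unless `config.h` or `claws-features.h` supplies the macro, add `#include <gnutls/gnutls.h>` above the guard so that it agrees with the matching guard around `gcry_control()` in `ssl_init()`, which is presumably compiled after the GnuTLS headers are in scope. A short comment such as `/* GnuTLS <= 2.11.0 needs the gcrypt pthread callbacks registered by the application */` would also explain the magic number, if that is indeed the intent.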
const char *cert_files[]={
"/etc/pki/tls/certs/ca-bundle.crt",
"/etc/certs/ca-bundle.crt",
+ "/etc/ssl/ca-bundle.pem",
"/usr/share/ssl/certs/ca-bundle.crt",
"/etc/ssl/certs/ca-certificates.crt",
"/usr/local/ssl/certs/ca-bundle.crt",
void ssl_init(void)
{
+#if GNUTLS_VERSION_NUMBER <= 0x020b00
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+#endif
#ifdef HAVE_LIBETPAN
mailstream_gnutls_init_not_required();
#endif
{
gnutls_session session;
int r;
- const int cipher_prio[] = { GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_128, 0 };
- const int kx_prio[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS, 0 };
- const int mac_prio[] = { GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5, 0 };
- const int proto_prio[] = { GNUTLS_TLS1,
- GNUTLS_SSL3, 0 };
const gnutls_datum *raw_cert_list;
unsigned int raw_cert_list_length;
gnutls_x509_crt cert = NULL;
r = gnutls_init(&session, GNUTLS_CLIENT);
if (session == NULL || r != 0)
return FALSE;
-
- gnutls_transport_set_lowat (session, 1);
- gnutls_set_default_priority(session);
- gnutls_protocol_set_priority (session, proto_prio);
- gnutls_cipher_set_priority (session, cipher_prio);
- gnutls_kx_set_priority (session, kx_prio);
- gnutls_mac_set_priority (session, mac_prio);
+
+#if GNUTLS_VERSION_NUMBER < 0x030003
+ gnutls_transport_set_lowat (session, 0);
+#endif
+ if (method == 0)
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL);
+ else
+ gnutls_priority_set_direct(session, "NORMAL", NULL);
gnutls_record_disable_padding(session);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
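Review bot: Both new `gnutls_priority_set_direct()` calls discard their return value, and because the same change removes `gnutls_set_default_priority()`, a priority string the linked GnuTLS rejects leaves the session on whatever `gnutls_init()` set up and the handshake carries on regardless. Check the result and fail the connection, e.g. `if (gnutls_priority_set_direct(session, prio, NULL) != GNUTLS_E_SUCCESS) { gnutls_deinit(session); return FALSE; }`, with `prio` standing for the selected string and the cleanup matched to what the rest of the function does. The `method == 0` branch also subtracts TLS 1.0 through 1.2 from `NORMAL`, which appears to leave SSL 3.0 as the only negotiable protocol, and it depends on what `NORMAL` contains in the installed library. That branch deserves a comment stating the intent and a named constant in place of the literal `0`, whose meaning is not visible here. The function's signature and the remainder of its body lie outside the hunk.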