Don't differentiate the protocols used when using direct SSL/TLS versus STARTTLS

Patch by Alessandro Di Federico

diff --git a/AUTHORS b/AUTHORS
index 04b8f751314d2312671e62da17168a1ab8df3152..52adcdcb6248fae65363b688e9a7046e31197854 100644 (file)
--- a/AUTHORS
+++ b/AUTHORS
@@ -307,3 +307,4 @@ contributors (in addition to the above; based on Changelog)
        Christoph Ruegge
        Igor Gnatenko
        Kevin Day
+       Alessandro Di Federico

diff --git a/src/common/session.c b/src/common/session.c
index 959c7a28e6785e6956dd765c893df4476fe371ad..6926d765ecad462ab765c4580c1ed39091ac4a7a 100644 (file)
--- a/src/common/session.c
+++ b/src/common/session.c
@@ -378,7 +378,7 @@ gint session_start_tls(Session *session)
        if (nb_mode)
                sock_set_nonblocking_mode(session->sock, FALSE);
 
-       if (!ssl_init_socket_with_method(session->sock, SSL_METHOD_TLSv1)) {
+       if (!ssl_init_socket(session->sock)) {
                g_warning("couldn't start TLS session.\n");
                if (nb_mode)
                        sock_set_nonblocking_mode(session->sock, session->nonblocking);

diff --git a/src/common/ssl.c b/src/common/ssl.c
index c56a948a61780e3de40ec8bf808f1ca12cc85be2..f6122992f04252d3f8445d5457fcc7ff640cbd01 100644 (file)
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -255,11 +255,6 @@ static gint SSL_connect_nb(gnutls_session_t ssl)
 #endif
 }
 
-gboolean ssl_init_socket(SockInfo *sockinfo)
-{
-       return ssl_init_socket_with_method(sockinfo, SSL_METHOD_SSLv23);
-}
-
 gnutls_x509_crt_t *ssl_get_certificate_chain(gnutls_session_t session, gint *list_len)
 {
        const gnutls_datum_t *raw_cert_list;
@@ -307,7 +302,7 @@ gnutls_x509_crt_t *ssl_get_certificate_chain(gnutls_session_t session, gint *lis
        return certs;
 }
 
-gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
+gboolean ssl_init_socket(SockInfo *sockinfo)
 {
        gnutls_session_t session;
        int r, i;
@@ -328,10 +323,7 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
                            sockinfo->gnutls_priority, r);
        }
        else {
-               if (method == 0)
-                       gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL);
-               else
-                       gnutls_priority_set_direct(session, "NORMAL", NULL);
+               gnutls_priority_set_direct(session, "NORMAL", NULL);
        }
        gnutls_record_disable_padding(session);
 

diff --git a/src/common/ssl.h b/src/common/ssl.h
index f180d55edfe4a4d59b4a496cde1bd3f432b5c661..185faca2c604cab06f2e84453ee25f39eb94b152 100644 (file)
--- a/src/common/ssl.h
+++ b/src/common/ssl.h
@@ -37,16 +37,9 @@ typedef enum {
 #include <gnutls/x509.h>
 #include "socket.h"
 
-typedef enum {
-       SSL_METHOD_SSLv23,
-       SSL_METHOD_TLSv1
-} SSLMethod;
-
 void ssl_init                          (void);
 void ssl_done                          (void);
 gboolean ssl_init_socket               (SockInfo       *sockinfo);
-gboolean ssl_init_socket_with_method   (SockInfo       *sockinfo,
-                                        SSLMethod       method);
 void ssl_done_socket                   (SockInfo       *sockinfo);
 
 typedef struct _SSLClientCertHookData SSLClientCertHookData;

diff --git a/src/gtk/authors.h b/src/gtk/authors.h
index cbfc14df53d13b967ff00b48f9811a62723dd676..7e6af84c15f99ba51f30c5ea1d69d410be049c58 100644 (file)
--- a/src/gtk/authors.h
+++ b/src/gtk/authors.h
@@ -125,6 +125,7 @@ static char *CONTRIBS_LIST[] = {
 "Leonid Evdokimov",
 "Xavier FACQ",
 "Tiago Faria",
+"Alessandro Di Federico",
 "Lars Persson Fink",
 "Bob Forsman",
 "Matthias Förste",