if (nb_mode)
sock_set_nonblocking_mode(session->sock, FALSE);
- if (!ssl_init_socket_with_method(session->sock, SSL_METHOD_TLSv1)) {
+ if (!ssl_init_socket(session->sock)) {
g_warning("couldn't start TLS session.\n");
if (nb_mode)
sock_set_nonblocking_mode(session->sock, session->nonblocking);
#endif
}
-gboolean ssl_init_socket(SockInfo *sockinfo)
-{
- return ssl_init_socket_with_method(sockinfo, SSL_METHOD_SSLv23);
-}
-
gnutls_x509_crt_t *ssl_get_certificate_chain(gnutls_session_t session, gint *list_len)
{
const gnutls_datum_t *raw_cert_list;
return certs;
}
-gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
+gboolean ssl_init_socket(SockInfo *sockinfo)
{
gnutls_session_t session;
int r, i;
sockinfo->gnutls_priority, r);
}
else {
- if (method == 0)
- gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL);
- else
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, "NORMAL", NULL);
}
gnutls_record_disable_padding(session);
#include <gnutls/x509.h>
#include "socket.h"
-typedef enum {
- SSL_METHOD_SSLv23,
- SSL_METHOD_TLSv1
-} SSLMethod;
-
void ssl_init (void);
void ssl_done (void);
gboolean ssl_init_socket (SockInfo *sockinfo);
-gboolean ssl_init_socket_with_method (SockInfo *sockinfo,
- SSLMethod method);
void ssl_done_socket (SockInfo *sockinfo);
typedef struct _SSLClientCertHookData SSLClientCertHookData;