From: Paul Date: Sat, 13 Apr 2013 07:33:58 +0000 (+0100) Subject: Add support for GnuTLS priority string. X-Git-Tag: 3.9.1~23 X-Git-Url: http://git.claws-mail.org/?p=claws.git;a=commitdiff_plain;h=baeee394b3f7fff7e8a5f3a0556f9d0dafd987fb Add support for GnuTLS priority string. Patch by Darko Koruga --- diff --git a/src/common/session.c b/src/common/session.c index 6e1e2b9d8..c43e5e413 100644 --- a/src/common/session.c +++ b/src/common/session.c @@ -166,6 +166,8 @@ static gint session_connect_cb(SockInfo *sock, gpointer data) sock->account = session->account; sock->is_smtp = session->is_smtp; #ifdef USE_GNUTLS + sock->gnutls_priority = session->gnutls_priority; + if (session->ssl_type == SSL_TUNNEL) { sock_set_nonblocking_mode(sock, FALSE); if (!ssl_init_socket(sock)) { @@ -226,6 +228,9 @@ void session_destroy(Session *session) g_byte_array_free(session->read_data_buf, TRUE); g_free(session->read_data_terminator); g_free(session->write_buf); +#ifdef USE_GNUTLS + g_free(session->gnutls_priority); +#endif debug_print("session (%p): destroyed\n", session); diff --git a/src/common/session.h b/src/common/session.h index 6ed2d24cd..00675c4d6 100644 --- a/src/common/session.h +++ b/src/common/session.h @@ -158,6 +158,7 @@ struct _Session #ifdef USE_GNUTLS SSLType ssl_type; + gchar *gnutls_priority; #endif }; diff --git a/src/common/socket.h b/src/common/socket.h index c0a664dff..39c6e2e75 100644 --- a/src/common/socket.h +++ b/src/common/socket.h @@ -63,6 +63,7 @@ struct _SockInfo gnutls_certificate_credentials_t xcred; gnutls_x509_crt_t client_crt; gnutls_x509_privkey_t client_key; + gchar *gnutls_priority; #endif guint g_source; GIOChannel *sock_ch; diff --git a/src/common/ssl.c b/src/common/ssl.c index b7623de8f..113462b37 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c 
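Review bot: In session_connect_cb the new line `sock->gnutls_priority = session->gnutls_priority;` makes the SockInfo share a heap string that the second session.c hunk has session_destroy() release with g_free(), so the socket holds a borrowed pointer with no stated lifetime. If a SockInfo is ever used or torn down after its Session (neither teardown path is fully visible here), ssl_init_socket_with_method() would read freed memory, and any later g_free() of the field in socket cleanup would be a double free. Either give the socket its own copy with `sock->gnutls_priority = g_strdup(session->gnutls_priority);` and free it where the SockInfo is destroyed, or record the borrow on the socket.h field with `/* borrowed from Session; never freed by SockInfo */`. Both functions continue outside their hunks.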
@@ -277,10 +277,17 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method) if (session == NULL || r != 0) return FALSE; - if (method == 0) - gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL); - else - gnutls_priority_set_direct(session, "NORMAL", NULL); + if (sockinfo->gnutls_priority && strlen(sockinfo->gnutls_priority)) { + r = gnutls_priority_set_direct(session, sockinfo->gnutls_priority, NULL); + debug_print("Setting GnuTLS priority to %s, status = %d\n", + sockinfo->gnutls_priority, r); + } + else { + if (method == 0) + gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL); + else + gnutls_priority_set_direct(session, "NORMAL", NULL); + } gnutls_record_disable_padding(session); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); diff --git a/src/prefs_account.c b/src/prefs_account.c index 4e2afefc6..aff28aee1 100644 --- a/src/prefs_account.c +++ b/src/prefs_account.c @@ -814,6 +814,14 @@ static PrefParam advanced_param[] = { &advanced_page.domain_entry, prefs_set_data_from_entry, prefs_set_entry}, +#ifdef USE_GNUTLS + {"gnutls_set_priority", "FALSE", &tmp_ac_prefs.set_gnutls_priority, P_BOOL, + NULL, NULL, NULL}, + + {"gnutls_priority", NULL, &tmp_ac_prefs.gnutls_priority, P_STRING, + NULL, NULL, NULL}, +#endif + #ifndef G_OS_WIN32 {"set_tunnelcmd", "FALSE", &tmp_ac_prefs.set_tunnelcmd, P_BOOL, &advanced_page.tunnelcmd_checkbtn, diff --git a/src/prefs_account.h b/src/prefs_account.h index 9a3b3d153..2ff920707 100644 --- a/src/prefs_account.h +++ b/src/prefs_account.h @@ -166,6 +166,8 @@ struct _PrefsAccount gushort nntpport; gboolean set_domain; gchar *domain; + gboolean set_gnutls_priority; + gchar *gnutls_priority; gboolean msgid_with_addr; gboolean mark_crosspost_read; gint crosspost_col; diff --git a/src/send_message.c b/src/send_message.c index 38b2d2c95..e76794d70 100644 --- a/src/send_message.c +++ b/src/send_message.c 
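Review bot: The status of `gnutls_priority_set_direct()` for the user-supplied string is only written to the debug log in ssl_init_socket_with_method(), so a mistyped or unsupported priority string does not stop the connection from being set up. For a setting whose purpose is to control protocol versions and ciphers, the call should fail closed, e.g. `if (r != GNUTLS_E_SUCCESS) return FALSE;` after the debug_print, releasing the session the same way the function's other error paths do (they are not visible in this hunk). Passing a `const char *err_pos` instead of NULL as the third argument would let the log say where parsing stopped. The two fallback calls in the else branch also ignore their return values, which predates this change.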
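Review bot: The two new advanced_param entries in prefs_account.c have NULL widget and callback fields, so `gnutls_set_priority` and `gnutls_priority` presumably can only be set by editing the stored account configuration by hand, and nothing in the hunk says so. A short comment above the `#ifdef USE_GNUTLS` block would help the next maintainer, for example `/* hidden prefs (no UI): gnutls_priority is passed verbatim to gnutls_priority_set_direct() */`. Since the string can loosen the defaults as well as tighten them, the comment is also a good place to point at the GnuTLS priority-string documentation. The advanced_param array starts and ends outside the hunk.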
@@ -300,6 +300,9 @@ gint send_message_smtp_full(PrefsAccount *ac_prefs, GSList *to_list, FILE *fp, g session->ssl_type = ac_prefs->ssl_smtp; if (ac_prefs->ssl_smtp != SSL_NONE) session->nonblocking = ac_prefs->use_nonblocking_ssl; + if (ac_prefs->set_gnutls_priority && ac_prefs->gnutls_priority && + strlen(ac_prefs->gnutls_priority)) + session->gnutls_priority = g_strdup(ac_prefs->gnutls_priority); #else if (ac_prefs->ssl_smtp != SSL_NONE) { if (alertpanel_full(_("Insecure connection"),
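Review bot: Among the hunks visible here, send_message_smtp_full() is the only place that copies the account's priority string into a Session, so unless the account's other session types are wired up elsewhere in the commit, those connections keep the built-in priorities while the account appears to have a custom string configured. It is worth confirming that every place that creates a Session applies the same `set_gnutls_priority` check, ideally through one shared helper rather than repeating the three-line condition. The function body starts and ends outside the hunk.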