From 6ab4f38a4f6e8c541fd6df93d7221bfc14fe7d7f Mon Sep 17 00:00:00 2001
From: Paul
Date: Thu, 28 Aug 2014 10:55:41 +0100
Subject: [PATCH 1/1] Don't differentiate the protocols used when using direct SSL/TLS versus STARTTLS Patch by Alessandro Di Federico
---
 AUTHORS | 1 +
 src/common/session.c | 2 +-
 src/common/ssl.c | 12 ++----------
 src/common/ssl.h | 7 -------
 src/gtk/authors.h | 1 +
 5 files changed, 5 insertions(+), 18 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index 04b8f7513..52adcdcb6 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -307,3 +307,4 @@ contributors (in addition to the above; based on Changelog)
 Christoph Ruegge
 Igor Gnatenko
 Kevin Day
+ Alessandro Di Federico
diff --git a/src/common/session.c b/src/common/session.c
index 959c7a28e..6926d765e 100644
--- a/src/common/session.c
+++ b/src/common/session.c
@@ -378,7 +378,7 @@ gint session_start_tls(Session *session)
 if (nb_mode)
 sock_set_nonblocking_mode(session->sock, FALSE);
- if (!ssl_init_socket_with_method(session->sock, SSL_METHOD_TLSv1)) {
+ if (!ssl_init_socket(session->sock)) {
 g_warning("couldn't start TLS session.\n");
 if (nb_mode)
 sock_set_nonblocking_mode(session->sock, session->nonblocking);
diff --git a/src/common/ssl.c b/src/common/ssl.c
index c56a948a6..f6122992f 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -255,11 +255,6 @@ static gint SSL_connect_nb(gnutls_session_t ssl)
 #endif
 }
-gboolean ssl_init_socket(SockInfo *sockinfo)
-{
- return ssl_init_socket_with_method(sockinfo, SSL_METHOD_SSLv23);
-}
-
 gnutls_x509_crt_t *ssl_get_certificate_chain(gnutls_session_t session, gint *list_len)
 {
 const gnutls_datum_t *raw_cert_list;
@@ -307,7 +302,7 @@ gnutls_x509_crt_t *ssl_get_certificate_chain(gnutls_session_t session, gint *lis
 return certs;
 }
-gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
+gboolean ssl_init_socket(SockInfo *sockinfo)
 {
 gnutls_session_t session;
 int r, i;
@@ -328,10 +323,7 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
 sockinfo->gnutls_priority, r);
 }
 else {
- if (method == 0)
- gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL);
- else
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ gnutls_priority_set_direct(session, "NORMAL", NULL);
 }
 gnutls_record_disable_padding(session);
diff --git a/src/common/ssl.h b/src/common/ssl.h
index f180d55ed..185faca2c 100644
--- a/src/common/ssl.h
+++ b/src/common/ssl.h
@@ -37,16 +37,9 @@ typedef enum {
 #include
 #include "socket.h"
-typedef enum {
- SSL_METHOD_SSLv23,
- SSL_METHOD_TLSv1
-} SSLMethod;
-
 void ssl_init (void);
 void ssl_done (void);
 gboolean ssl_init_socket (SockInfo *sockinfo);
-gboolean ssl_init_socket_with_method (SockInfo *sockinfo,
- SSLMethod method);
 void ssl_done_socket (SockInfo *sockinfo);
 typedef struct _SSLClientCertHookData SSLClientCertHookData;
diff --git a/src/gtk/authors.h b/src/gtk/authors.h
index cbfc14df5..7e6af84c1 100644
--- a/src/gtk/authors.h
+++ b/src/gtk/authors.h
@@ -125,6 +125,7 @@ static char *CONTRIBS_LIST[] = {
 "Leonid Evdokimov",
 "Xavier FACQ",
 "Tiago Faria",
+"Alessandro Di Federico",
 "Lars Persson Fink",
 "Bob Forsman",
 "Matthias Förste",
-- 
2.43.0
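Review bot: The fallback `gnutls_priority_set_direct(session, "NORMAL", NULL)` in the `else` branch of the `@@ -328,10 +323,7 @@` hunk in src/common/ssl.c is now the only protocol floor for both direct TLS and STARTTLS sessions, and its return value is discarded, so a rejected priority string goes unnoticed until the handshake fails. What "NORMAL" permits is decided by the GnuTLS library linked at runtime; on builds where it still includes SSL 3.0 (plausible for libraries of this patch's date, not verifiable from the page), every session can be negotiated down to it. I would pin the floor and check the result: `r = gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);` followed by `if (r != GNUTLS_E_SUCCESS) g_warning("couldn't set TLS priority: %s\n", gnutls_strerror(r));`. The user-supplied `sockinfo->gnutls_priority` branch appears to only log `r` as well, and ssl_init_socket begins and ends outside this hunk, so the correct bail-out path has to be confirmed in the full function.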