| -rw-r--r-- | lockdown.c | 17 |
1 files changed, 13 insertions, 4 deletions
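--- a/lockdown.c
+++ b/lockdown.c
@@ -158,10 +158,19 @@ int lockdownd_start_SSL_session(lockdownd_client *control, const char *HostID) {
 gnutls_certificate_allocate_credentials(&xcred);
 gnutls_certificate_set_x509_trust_file(xcred, "hostcert.pem", GNUTLS_X509_FMT_PEM);
 gnutls_init(control->ssl_session, GNUTLS_CLIENT);
-if ((return_me = gnutls_priority_set_direct(*control->ssl_session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+SHA256:+SHA512:+MD5:+COMP-NULL", NULL)) < 0) {
-printf("oops? bad options?\n");
-gnutls_perror(return_me);
-return 0;
+{
+int protocol_priority[16] = {GNUTLS_SSL3, 0 };
+int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 };
+int cipher_priority[16] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, 0 };
+int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_SHA256, GNUTLS_MAC_SHA512, GNUTLS_MAC_MD5, 0 };
+int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
+
+gnutls_cipher_set_priority(*control->ssl_session, cipher_priority);
+gnutls_compression_set_priority(*control->ssl_session, comp_priority);
+gnutls_kx_set_priority(*control->ssl_session, kx_priority);
+gnutls_protocol_set_priority( *control->ssl_session, protocol_priority);
+gnutls_mac_set_priority(*control->ssl_session, mac_priority);
+
 }
 gnutls_credentials_set(*control->ssl_session, GNUTLS_CRD_CERTIFICATE, xcred); // this part is killing me.
 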
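Review bot: The five gnutls_*_set_priority() calls at new lines 168–172 discard their return values, whereas the gnutls_priority_set_direct() call they replace was checked and reported through gnutls_perror(); if GnuTLS rejects one of the lists the function now continues into gnutls_credentials_set() and the handshake with whatever priorities the session kept, instead of returning 0 as before. Each call should be checked the same way the old one was, using return_me (assumed to still be declared above the hunk, since its only visible use was removed). The explicit arrays also keep the policy of the old string unchanged — SSL 3.0 only, anonymous DH offered alongside RSA, MD5 among the MACs — so the trust file loaded at line 159 only constrains a session when a certificate-based key exchange is actually negotiated; a comment such as `/* ANON_DH performs no server authentication; hostcert.pem only applies when RSA kx is chosen */` next to kx_priority would make that trade-off visible. The `[16]` size on each array is headroom over zero-terminated lists of at most five entries and deserves a one-line comment. lockdownd_start_SSL_session begins before and continues after this hunk.
```c
	{
		int protocol_priority[16] = {GNUTLS_SSL3, 0 };
		/* … unchanged: kx_priority, cipher_priority, mac_priority, comp_priority … */

		if ((return_me = gnutls_cipher_set_priority(*control->ssl_session, cipher_priority)) < 0
		    || (return_me = gnutls_compression_set_priority(*control->ssl_session, comp_priority)) < 0
		    || (return_me = gnutls_kx_set_priority(*control->ssl_session, kx_priority)) < 0
		    || (return_me = gnutls_protocol_set_priority(*control->ssl_session, protocol_priority)) < 0
		    || (return_me = gnutls_mac_set_priority(*control->ssl_session, mac_priority)) < 0) {
			printf("oops? bad options?\n");
			gnutls_perror(return_me);
			return 0;
		}
	}
```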
