From 1849ccfbba57038f1fa57fd0621b80e77a198a4c Mon Sep 17 00:00:00 2001
From: Athmane Madjoudj <athmane@fedoraproject.org>
Date: Wed, 17 Feb 2016 00:11:23 +0100
Subject: [PATCH] Add support for using gnutls system wide crypto policy

---
 configure.ac               | 7 +++++++
 src/LibgnutlsTLSSession.cc | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/configure.ac b/configure.ac
index e71db40e..50d60bf1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -95,6 +95,13 @@ AC_ARG_WITH([bashcompletiondir],
 
 AC_ARG_VAR([ARIA2_STATIC], [Set 'yes' to build a statically linked aria2])
 
+AC_ARG_ENABLE([gnutls-system-crypto-policy],
+    AS_HELP_STRING([--enable-gnutls-system-crypto-policy], [Enable gnutls system wide crypto policy]))
+
+AS_IF([test "x$enable_gnutls_system_crypto_policy" = "xyes"], [
+  AC_DEFINE([USE_GNUTLS_SYSTEM_CRYPTO_POLICY], [1], [Define to 1 if using gnutls system wide crypto policy .])
+])
+
 # Checks for programs.
 AC_PROG_CXX
 AC_PROG_CC
diff --git a/src/LibgnutlsTLSSession.cc b/src/LibgnutlsTLSSession.cc
index 37523d99..21196bc7 100644
--- a/src/LibgnutlsTLSSession.cc
+++ b/src/LibgnutlsTLSSession.cc
@@ -128,6 +128,9 @@ int GnuTLSSession::init(sock_t sockfd)
   // It seems err is not error message, but the argument string
   // which causes syntax error.
   const char* err;
+#ifdef USE_GNUTLS_SYSTEM_CRYPTO_POLICY
+  rv_ = gnutls_priority_set_direct(sslSession_, "@SYSTEM", &err);
+#else
   std::string pri = "SECURE128:+SIGN-RSA-SHA1";
   switch (tlsContext_->getMinTLSVersion()) {
   case TLS_PROTO_TLS12:
@@ -142,6 +145,7 @@ int GnuTLSSession::init(sock_t sockfd)
     break;
   };
   rv_ = gnutls_priority_set_direct(sslSession_, pri.c_str(), &err);
+#endif  
   if (rv_ != GNUTLS_E_SUCCESS) {
     return TLS_ERR_ERROR;
   }