github
/
aria2
mirror of https://github.com/aria2/aria2
1
0
Fork 0
Code Issues Releases Wiki Activity

Add support for using gnutls system wide crypto policy

pull/573/head
Athmane Madjoudj 2016-02-17 00:11:23 +01:00
parent b0909469cd
commit 1849ccfbba
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
configure.ac
View File

@ -95,6 +95,13 @@ AC_ARG_WITH([bashcompletiondir],
AC_ARG_VAR([ARIA2_STATIC], [Set 'yes' to build a statically linked aria2])
AC_ARG_ENABLE([gnutls-system-crypto-policy],
AS_HELP_STRING([--enable-gnutls-system-crypto-policy], [Enable gnutls system wide crypto policy]))
AS_IF([test "x$enable_gnutls_system_crypto_policy" = "xyes"], [
AC_DEFINE([USE_GNUTLS_SYSTEM_CRYPTO_POLICY], [1], [Define to 1 if using gnutls system wide crypto policy .])
])
# Checks for programs.
AC_PROG_CXX
AC_PROG_CC

4
src/LibgnutlsTLSSession.cc
View File

@ -128,6 +128,9 @@ int GnuTLSSession::init(sock_t sockfd)
// It seems err is not error message, but the argument string
// which causes syntax error.
const char* err;
#ifdef USE_GNUTLS_SYSTEM_CRYPTO_POLICY
rv_ = gnutls_priority_set_direct(sslSession_, "@SYSTEM", &err);
#else
std::string pri = "SECURE128:+SIGN-RSA-SHA1";
switch (tlsContext_->getMinTLSVersion()) {
case TLS_PROTO_TLS12:
@ -142,6 +145,7 @@ int GnuTLSSession::init(sock_t sockfd)
break;
};
rv_ = gnutls_priority_set_direct(sslSession_, pri.c_str(), &err);
#endif
if (rv_ != GNUTLS_E_SUCCESS) {
return TLS_ERR_ERROR;
}