On 2015-05-12 Thomas Dickey <[email protected]> wrote: > On Mon, May 11, 2015 at 07:09:01PM +0200, Andreas Metzler wrote: >> As a hotfix +CTYPE-X.509:+SIGN-ALL could be added, however looking the >> string I wonder whether it would not be better if lynx simple used >> GnuTLS default settings with gnutls_set_default_priority() by default. >> Optionally a configuration option allowing a user to specify an >> alternate priority-string could be used.
> simpler settings sounds like an improvement... Hello, ;-) Great to see you agreeing. Attached q'n'd change[1] worked for me on a quick test. As gnutls_set_default_priority() was added in 2002 (GnuTLS 0.5.9) there is no need to add a autoconf test for it. cu Andreas [1] Removing unused stuff from src/tidy_tls.c and configure.in missing. -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff --git a/src/tidy_tls.c b/src/tidy_tls.c index f6dea81..df8efb4 100644 --- a/src/tidy_tls.c +++ b/src/tidy_tls.c @@ -542,21 +542,7 @@ SSL *SSL_new(SSL_CTX * ctx) ssl->ctx = ctx; gnutls_init(&ssl->gnutls_state, ctx->method->connend); - -#if USE_SET_DIRECT - UpdatePriority(ssl); -#else - gnutls_protocol_set_priority(ssl->gnutls_state, - ctx->method->priority.protocol); - gnutls_cipher_set_priority(ssl->gnutls_state, - ctx->method->priority.encrypts); - gnutls_compression_set_priority(ssl->gnutls_state, - ctx->method->priority.compress); - gnutls_kx_set_priority(ssl->gnutls_state, - ctx->method->priority.key_xchg); - gnutls_mac_set_priority(ssl->gnutls_state, - ctx->method->priority.msg_code); -#endif + gnutls_set_default_priority(ssl->gnutls_state); gnutls_credentials_set(ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE, ssl->gnutls_cred);
_______________________________________________ Lynx-dev mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/lynx-dev
