aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/vtls/gtls.c15
2 files changed, 12 insertions, 4 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 03dc74530..3ef4e909f 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -40,6 +40,7 @@ This release includes the following bugfixes:
o nss: fix a memory leak when CURLOPT_CRLFILE is used
o gnutls: ignore invalid certificate dates with VERIFYPEER disabled
o gnutls: fix SRP support with versions of GnuTLS from 2.99.0
+ o gnutls: fixed compilation against versions < 2.12.0
o
This release includes the following known bugs:
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 54bfef118..ec582e096 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -369,10 +369,17 @@ gtls_connect_step1(struct connectdata *conn,
struct in_addr addr;
#endif
#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_3DES_CBC,
+ static const int cipher_priority[] = {
+ /* These two ciphers were added to GnuTLS as late as ver. 3.0.1,
+ but this code path is only ever used for ver. < 2.12.0.
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM,
+ */
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
};
static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
static int protocol_priority[] = { 0, 0, 0, 0 };