diff options
| -rw-r--r-- | RELEASE-NOTES | 1 | ||||
| -rw-r--r-- | lib/vtls/gtls.c | 8 | ||||
| -rwxr-xr-x | tests/runtests.pl | 1 |
3 files changed, 6 insertions, 4 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 5f3bc0cd3..03dc74530 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -39,6 +39,7 @@ This release includes the following bugfixes: o tool: prevent valgrind from reporting possibly lost memory (nss only) o nss: fix a memory leak when CURLOPT_CRLFILE is used o gnutls: ignore invalid certificate dates with VERIFYPEER disabled + o gnutls: fix SRP support with versions of GnuTLS from 2.99.0 o This release includes the following known bugs: diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 7f920b27a..54bfef118 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -544,19 +544,19 @@ gtls_connect_step1(struct connectdata *conn, break; case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0"; + prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:+SRP"; break; case CURL_SSLVERSION_TLSv1_0: prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" - "+VERS-TLS1.0"; + "+VERS-TLS1.0:+SRP"; break; case CURL_SSLVERSION_TLSv1_1: prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" - "+VERS-TLS1.1"; + "+VERS-TLS1.1:+SRP"; break; case CURL_SSLVERSION_TLSv1_2: prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" - "+VERS-TLS1.2"; + "+VERS-TLS1.2:+SRP"; break; case CURL_SSLVERSION_SSLv2: default: diff --git a/tests/runtests.pl b/tests/runtests.pl index 810b80732..da71414f8 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -1452,6 +1452,7 @@ sub runhttptlsserver { $flags .= "--http "; $flags .= "--debug 1 " if($debugprotocol); $flags .= "--port $port "; + $flags .= "--priority NORMAL:+SRP "; $flags .= "--srppasswd $srcdir/certs/srp-verifier-db "; $flags .= "--srppasswdconf $srcdir/certs/srp-verifier-conf"; |