Index: src/tlsgnutlsclient.cpp
===================================================================
--- src/tlsgnutlsclient.cpp (revision 4537)
+++ src/tlsgnutlsclient.cpp (working copy)
@@ -50,17 +50,6 @@
 {
 gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread );
- const int protocolPriority[] = {
-#ifdef GNUTLS_TLS1_2
- GNUTLS_TLS1_2,
-#endif
- GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
- const int kxPriority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, 0 };
- const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
- const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
- const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
-
 if( m_initLib && gnutls_global_init() != 0 )
 return false;
@@ -73,11 +62,28 @@
 return false;
 }
+#if GNUTLS_VERSION_NUMBER >= 0x020600
+ int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 );
+ if( ret != GNUTLS_E_SUCCESS )
+ return false;
+#else
+ const int protocolPriority[] = {
+#ifdef GNUTLS_TLS1_2
+ GNUTLS_TLS1_2,
+#endif
+ GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
+ const int kxPriority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, 0 };
+ const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
+ const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
+ const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
 gnutls_protocol_set_priority( *m_session, protocolPriority );
 gnutls_cipher_set_priority( *m_session, cipherPriority );
 gnutls_compression_set_priority( *m_session, compPriority );
 gnutls_kx_set_priority( *m_session, kxPriority );
 gnutls_mac_set_priority( *m_session, macPriority );
+#endif
+
 gnutls_credentials_set( *m_session, GNUTLS_CRD_CERTIFICATE, m_credentials );
 gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this );
Index: src/tlsgnutlsclient.h
===================================================================
--- src/tlsgnutlsclient.h (revision 4537)
+++ src/tlsgnutlsclient.h (working copy)
@@ -71,7 +71,7 @@
 bool verifyAgainst( gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer );
 bool verifyAgainstCAs( gnutls_x509_crt_t cert, gnutls_x509_crt_t *CAList, int CAListSize );
- gnutls_certificate_credentials m_credentials;
+ gnutls_certificate_credentials_t m_credentials;
 };
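Review bot: The priority string passed to `gnutls_priority_set_direct` in the `-73,11 +62,28` hunk starts from `SECURE128` and then re-enables things that, as far as I know, the level keyword leaves off: `+COMP-ALL` keeps TLS-level compression on (the legacy branch offers `GNUTLS_COMP_ZLIB` too), which is the precondition for CRIME-style compression side channels, and `+SIGN-ALL` widens the accepted signature algorithms. Unless a known peer needs them, I would drop both, e.g. `"SECURE128:+PFS:+VERS-TLS-ALL:-VERS-SSL3.0:+CURVE-ALL"`. Separately, the guard `GNUTLS_VERSION_NUMBER >= 0x020600` looks looser than the keywords used: `PFS` and `CURVE-ALL` appear to be GnuTLS 3.x additions, so an older library would presumably reject the string and this path would return false for every connection; please confirm against the oldest supported release. Passing the address of a `const char *` as the third argument instead of `0` would let the failure path log where parsing stopped. The enclosing function starts and ends outside the hunk, so session cleanup on the new `return false` cannot be judged from here.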