Tickets

Index: src/tlsgnutlsclient.cpp
===================================================================
--- src/tlsgnutlsclient.cpp	(revision 4537)
+++ src/tlsgnutlsclient.cpp	(working copy)
@@ -50,17 +50,6 @@
   {
     gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread );
 
-    const int protocolPriority[] = {
-#ifdef GNUTLS_TLS1_2
-      GNUTLS_TLS1_2,
-#endif
-      GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
-    const int kxPriority[]       = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, 0 };
-    const int cipherPriority[]   = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
-                                     GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
-    const int compPriority[]     = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
-    const int macPriority[]      = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
-
     if( m_initLib && gnutls_global_init() != 0 )
       return false;
 
@@ -73,11 +62,28 @@
       return false;
     }
 
+#if GNUTLS_VERSION_NUMBER >= 0x020600
+    int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 );
+    if( ret != GNUTLS_E_SUCCESS )
+      return false;
+#else
+    const int protocolPriority[] = {
+#ifdef GNUTLS_TLS1_2
+      GNUTLS_TLS1_2,
+#endif
+      GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
+    const int kxPriority[]       = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, 0 };
+    const int cipherPriority[]   = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
+                                     GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
+    const int compPriority[]     = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
+    const int macPriority[]      = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
     gnutls_protocol_set_priority( *m_session, protocolPriority );
     gnutls_cipher_set_priority( *m_session, cipherPriority );
     gnutls_compression_set_priority( *m_session, compPriority );
     gnutls_kx_set_priority( *m_session, kxPriority );
     gnutls_mac_set_priority( *m_session, macPriority );
+#endif
+
     gnutls_credentials_set( *m_session, GNUTLS_CRD_CERTIFICATE, m_credentials );
 
     gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this );
Index: src/tlsgnutlsclient.h
===================================================================
--- src/tlsgnutlsclient.h	(revision 4537)
+++ src/tlsgnutlsclient.h	(working copy)
@@ -71,7 +71,7 @@
       bool verifyAgainst( gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer );
       bool verifyAgainstCAs( gnutls_x509_crt_t cert, gnutls_x509_crt_t *CAList, int CAListSize );
 
-      gnutls_certificate_credentials m_credentials;
+      gnutls_certificate_credentials_t m_credentials;
 
   };