Re: gnutls 2.9.10 breaks exim4 TLS (Denying unsafe (re)negotiation.)

From: Nikos Mavrogiannopoulos
Subject: Re: gnutls 2.9.10 breaks exim4 TLS (Denying unsafe (re)negotiation.)
Date: Tue, 18 May 2010 21:14:36 +0200
User-agent: Thunderbird (X11/20100411)

Andreas Metzler wrote:
> On 2010-05-08 Nikos Mavrogiannopoulos <address@hidden> wrote:
> [...]
>> How easy would it be for exim to use gnutls_priority_* functions? The
>> others have been deprecated for quite a time. Moreover it would be
>> easier for exim to setup a configuration string for the
>> priority_set_direct function.
> [...]
> Hello,
> Doable, but not without pain. Exim exposes the gnutls_priority_*
> functions to the user (see options tls_require_ciphers et al in
> switching would cause a configuration file syntax change. - It could
> either ignore the old settings while still warning about them or
> throw an error (invalid setting).

Does the attached patch to gnutls fix the issue?

diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 6cc8b68..617e7d8 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -350,6 +350,11 @@ gnutls_init (gnutls_session_t * session, 
gnutls_connection_end_t con_end)
   _gnutls_handshake_internal_state_init (*session);
+  /* emulate old gnutls behavior for old applications that do not use the 
+   * functions.
+   */
+  session->internals.priorities.unsafe_renegotiation = 1;
   return 0;
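
Review bot: The assignment session->internals.priorities.unsafe_renegotiation = 1 in gnutls_init is unconditional. It is applied to every new session regardless of con_end, so any caller that never sets priorities afterwards ends up permitting unsafe renegotiation by default, with no opt-in and no log message. Consider making this an explicit choice by the application, or at least documenting the new default in the gnutls_init documentation so that callers know they must override it. The added comment also reads "do not use the functions" without naming which functions are meant; name them so the compatibility condition is clear to the next reader.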
