author | Nikos Mavrogiannopoulos | 2007-12-02 16:17:54 +0000 |
---|---|---|
committer | Nokis Mavrogiannopoulos | 2007-12-02 16:17:54 +0000 |
commit | ea470be2a191d7f1d713f64cc64f44f905999c03 (patch) | |
tree | 9733d13336bb367846a3f1bf1d16b59ea2a16820 | |
parent | af4998ee9772aa7950e8d7c296ed6f8dc57d8bbb (diff) |
The compatibility mode can now be enabled only using the GnuTLSPriorities string.
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | src/gnutls_hooks.c | 5 |
2 files changed, 4 insertions, 6 deletions
@@ -4,4 +4,7 @@ | |||
4 | Only one per certificate is supported. | 4 | Only one per certificate is supported. |
5 | 5 | ||
6 | - New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%, | 6 | - New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%, |
7 | SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE \ No newline at end of file | 7 | SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE |
8 | |||
9 | - The compatibility mode can now be enabled explicitely with the | ||
10 | %COMPAT keyword at the GnuTLSPriorities string. It is no longer the default. | ||
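--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -631,11 +631,6 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
 
 gnutls_init(&ctxt->session, GNUTLS_SERVER);
 
-/* This is not very good as it trades security for compatibility,
-* but it is the only way to be ultra-portable.
-*/
-gnutls_session_enable_compatibility_mode(ctxt->session);
-
 /* because we don't set any default priorities here (we set later at
 * the user hello callback) we need to at least set this in order for
 * gnutls to be able to read packets.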