From: Dan Fandrich <dan@coneharvesters.com>
Date: Fri, 11 Jul 2014 21:55:53 +0000 (+0200)
Subject: gnutls: explicitly added SRP to the priority string
X-Git-Tag: upstream/7.37.1~21
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fcurl.git;a=commitdiff_plain;h=447c31ce9d62913302040304e3f3d9d43743c71f

gnutls: explicitly added SRP to the priority string

This seems to have become necessary for SRP support to work starting
with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
before the function that takes this priority string, there should be no
issue with backward compatibility.
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 5f3bc0c..03dc745 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -39,6 +39,7 @@ This release includes the following bugfixes:
  o tool: prevent valgrind from reporting possibly lost memory (nss only)
  o nss: fix a memory leak when CURLOPT_CRLFILE is used
  o gnutls: ignore invalid certificate dates with VERIFYPEER disabled
+ o gnutls: fix SRP support with versions of GnuTLS from 2.99.0
  o 
 
 This release includes the following known bugs:
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 7f920b2..54bfef1 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -544,19 +544,19 @@ gtls_connect_step1(struct connectdata *conn,
       break;
     case CURL_SSLVERSION_DEFAULT:
     case CURL_SSLVERSION_TLSv1:
-      prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0";
+      prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:+SRP";
       break;
     case CURL_SSLVERSION_TLSv1_0:
       prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-                     "+VERS-TLS1.0";
+                     "+VERS-TLS1.0:+SRP";
       break;
     case CURL_SSLVERSION_TLSv1_1:
       prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-                     "+VERS-TLS1.1";
+                     "+VERS-TLS1.1:+SRP";
       break;
     case CURL_SSLVERSION_TLSv1_2:
       prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-                     "+VERS-TLS1.2";
+                     "+VERS-TLS1.2:+SRP";
       break;
     case CURL_SSLVERSION_SSLv2:
     default:
diff --git a/tests/runtests.pl b/tests/runtests.pl
index 810b807..da71414 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -1452,6 +1452,7 @@ sub runhttptlsserver {
     $flags .= "--http ";
     $flags .= "--debug 1 " if($debugprotocol);
     $flags .= "--port $port ";
+    $flags .= "--priority NORMAL:+SRP ";
     $flags .= "--srppasswd $srcdir/certs/srp-verifier-db ";
     $flags .= "--srppasswdconf $srcdir/certs/srp-verifier-conf";