procyberian/emacs
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add %DUMBFW to the default GnuTLS priority strings

Browse source 
* lisp/net/gnutls.el (gnutls-boot-parameters): Add %DUMBFW to
the default priority strings (Bug#25061).

* etc/NEWS: Mention it.

* doc/misc/emacs-gnutls.texi (Help For Users): Point to the
GnuTLS priority string documentation URL.
This commit is contained in:
Ted Zlatanov 2017-12-14 23:16:38 -05:00
parent 780407cff1
commit a21dac18bb
No known key found for this signature in database
GPG key ID: 11F23D0A4E4B9DEE
3 changed files with 10 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
doc/misc/emacs-gnutls.texi
View file

@ -116,9 +116,11 @@ information.
The @code{gnutls-algorithm-priority} variable sets the GnuTLS priority The @code{gnutls-algorithm-priority} variable sets the GnuTLS priority
string. This is global, not per host name (although string. This is global, not per host name (although
@code{gnutls-negotiate} supports a priority string per connection so @code{gnutls-negotiate} supports a priority string per connection so
it could be done if needed). The priority string syntax is in the it could be done if needed). For details see the
@uref{https://www.gnu.org/software/gnutls/documentation.html, GnuTLS @uref{https://www.gnu.org/software/gnutls/documentation.html, GnuTLS
documentation}. documentation} and the
@uref{https://gnutls.org/manual/html_node/Priority-Strings.html,
GnuTLS priority string syntax and description}.
@end defvar @end defvar
@defvar gnutls-trustfiles @defvar gnutls-trustfiles

3
etc/NEWS
View file

@ -431,6 +431,9 @@ You can enable this by customizing 'mwheel-tilt-scroll-p'. If you
want to reverse the direction of the scroll, customize want to reverse the direction of the scroll, customize
'mwheel-flip-direction'. 'mwheel-flip-direction'.
+++
** The default GnuTLS priority string now includes %DUMBFW.
** Emacsclient changes ** Emacsclient changes
+++ +++

6
lisp/net/gnutls.el
View file

@ -217,7 +217,7 @@ For the meaning of the rest of the parameters, see `gnutls-boot-parameters'."
TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default. TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default.
HOSTNAME is the remote hostname. It must be a valid string. HOSTNAME is the remote hostname. It must be a valid string.
PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\". PRIORITY-STRING is as per the GnuTLS docs, default is based on \"NORMAL\".
TRUSTFILES is a list of CA bundles. It defaults to `gnutls-trustfiles'. TRUSTFILES is a list of CA bundles. It defaults to `gnutls-trustfiles'.
CRLFILES is a list of CRL files. CRLFILES is a list of CRL files.
KEYLIST is an alist of (client key file, client cert file) pairs. KEYLIST is an alist of (client key file, client cert file) pairs.
@ -265,11 +265,11 @@ defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
(priority-string (or priority-string (priority-string (or priority-string
(cond (cond
((eq type 'gnutls-anon) ((eq type 'gnutls-anon)
"NORMAL:+ANON-DH:!ARCFOUR-128") "NORMAL:+ANON-DH:!ARCFOUR-128:%DUMBFW")
((eq type 'gnutls-x509pki) ((eq type 'gnutls-x509pki)
(if gnutls-algorithm-priority (if gnutls-algorithm-priority
(upcase gnutls-algorithm-priority) (upcase gnutls-algorithm-priority)
"NORMAL"))))) "NORMAL:%DUMBFW")))))
(verify-error (or verify-error (verify-error (or verify-error
;; this uses the value of `gnutls-verify-error' ;; this uses the value of `gnutls-verify-error'
(cond (cond