[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [PATCH] PFS runtime check
From: |
Tim Rühsen |
Subject: |
Re: [Bug-wget] [PATCH] PFS runtime check |
Date: |
Sat, 07 Sep 2013 21:38:28 +0200 |
User-agent: |
KMail/4.10.5 (Linux/3.10-2-amd64; KDE/4.10.5; x86_64; ; ) |
Am Samstag, 7. September 2013, 12:16:56 schrieb Daniel Kahn Gillmor:
> On 09/07/2013 12:10 PM, Daniel Kahn Gillmor wrote:
> > it might be better to do a runtime check (e.g. using
> > gnutls_check_version(NULL) >= 0x030204) instead of a compile-time check.
>
> sigh. that is of course the wrong code. to do a proper runtime check,
> it should be:
>
> if (gnutls_check_version("3.2.4"))
> err = gnutls_priority_set_direct (session, "PFS", NULL);
> else
> err = gnutls_priority_set_direct (session, "NORMAL:-RSA", NULL);
Of course that is much better than a compile time check.
I was not aware of gnutls_check_version(), thanks for your review !
@Giuseppe: Please apply the attached patch.
Tim
0001-PFS-runtime-check.patch
Description: Text Data
signature.asc
Description: This is a digitally signed message part.