Re: [Bug-wget] [PATCH] PFS runtime check

From: Daniel Kahn Gillmor
Subject: Re: [Bug-wget] [PATCH] PFS runtime check
Date: Sun, 08 Sep 2013 11:36:30 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130821 Icedove/17.0.8

On 09/07/2013 07:01 PM, Giuseppe Scrivano wrote:
> Tim Rühsen <address@hidden> writes:
>> @Giuseppe: Please apply the attached patch.
>> Tim
>> From df5275a504a6d410b084aa9f5023f7638a2731a1 Mon Sep 17 00:00:00 2001
>> From: Tim Ruehsen <address@hidden>
>> Date: Sat, 7 Sep 2013 21:34:37 +0200
>> Subject: [PATCH] PFS runtime check
> Thanks, applied now.

Thank you both for your quick work.

After sleeping on it, it occurs to me that some of these changes to the
priority string handling may also end up being backported to older
versions of gnutls, and wget wouldn't be able to take advantage of them
directly in that case.

Looking at the docs for gnutls_priority_set_direct(), it says:

  Returns: On syntax error GNUTLS_E_INVALID_REQUEST is returned,
  GNUTLS_E_SUCCESS on success, or an error code.

I haven't tested (sorry!), but it seems like another approach would be
to simply invoke gnutls_priority_set_direct(session, "PFS", NULL); and
if it returns GNUTLS_E_INVALID_REQUEST, then fall back to setting the
"NORMAL:-RSA" string directly.

Knowing that wget could take advantage of such a feature retroactively
might even encourage people doing stable/long-term maintenance of older
versions of GnuTLS to backport this priority string to their stable branch.

Sorry to keep nit-picking on this; I'm very happy to see this option
added to wget.



Attachment: signature.asc
Description: OpenPGP digital signature
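
The fallback suggested in the message above, sketched as an added example; it is not part of the original email, the applied patch, or wget's code. The callback has the shape of gnutls_priority_set_direct() so the logic can be exercised without linking GnuTLS; `set_pfs_priority`, the three stub functions and `E_OTHER` are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Numeric values of GNUTLS_E_SUCCESS and GNUTLS_E_INVALID_REQUEST from
   <gnutls/gnutls.h>, repeated so this builds without the library. */
#define E_SUCCESS 0
#define E_INVALID_REQUEST (-50)
#define E_OTHER (-1000) /* constructed: stands for any non-syntax error */

/* Same shape as gnutls_priority_set_direct(session, priorities, err_pos);
   void * stands in for gnutls_session_t. */
typedef int (*set_priority_fn)(void *session, const char *priorities,
                               const char **err_pos);

/* Try the "PFS" keyword first. Only a syntax error (keyword unknown to this
   library build) moves on to the explicit string; any other error is returned
   unchanged so an unrelated failure is not hidden by the retry. */
static int set_pfs_priority(set_priority_fn set_prio, void *session,
                            const char **chosen)
{
    static const char *const candidates[] = { "PFS", "NORMAL:-RSA" };
    int rc = E_INVALID_REQUEST;

    *chosen = NULL;
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
        rc = set_prio(session, candidates[i], NULL);
        if (rc == E_SUCCESS)
            *chosen = candidates[i];
        if (rc != E_INVALID_REQUEST)
            break;
    }
    return rc;
}

/* Constructed stand-ins for three library behaviours. */
static int old_lib(void *s, const char *p, const char **e)
{ (void)s; (void)e; return strcmp(p, "PFS") ? E_SUCCESS : E_INVALID_REQUEST; }
static int new_lib(void *s, const char *p, const char **e)
{ (void)s; (void)p; (void)e; return E_SUCCESS; }
static int broken_lib(void *s, const char *p, const char **e)
{ (void)s; (void)p; (void)e; return E_OTHER; }

int main(void)
{
    const char *used;
    int rc = set_pfs_priority(old_lib, NULL, &used);
    printf("rc=%d priority=%s\n", rc, used ? used : "(none)");
    return rc == E_SUCCESS ? 0 : 1;
}
```

In a real build the callback would be replaced by a direct call to gnutls_priority_set_direct() on the session, and logging which string was accepted makes it visible when the fallback path was taken.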
