Fix DoT with GnuTLS >= 3.6

This commit is contained in:
Willem Toorop 2020-03-05 14:46:32 +01:00
parent c234865a80
commit 26a95b5b8a
1 changed files with 17 additions and 11 deletions


@ -102,7 +102,15 @@ static int set_connection_ciphers(_getdns_tls_connection* conn)
char* pri = NULL; char* pri = NULL;
int res; int res;
pri = getdns_priappend(conn->mfs, pri, "NONE:+COMP-ALL:+SIGN-RSA-SHA384"); //pri = getdns_priappend(conn->mfs, pri, "NONE:+COMP-ALL:+SIGN-ALL");
pri = getdns_priappend(conn->mfs, pri, "NONE:+COMP-ALL:+SIGN-ALL"
/* Remove all the weak ones */
":-SIGN-RSA-MD5"
":-SIGN-RSA-SHA1:-SIGN-RSA-SHA224:-SIGN-RSA-SHA256"
":-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256"
":-SIGN-ECDSA-SHA1:-SIGN-ECDSA-SHA224:-SIGN-ECDSA-SHA256"
":-SIGN-RSA-PSS-SHA256"
);
if (conn->cipher_suites) if (conn->cipher_suites)
pri = getdns_priappend(conn->mfs, pri, conn->cipher_suites); pri = getdns_priappend(conn->mfs, pri, conn->cipher_suites);
@ -134,19 +142,17 @@ static int set_connection_ciphers(_getdns_tls_connection* conn)
for (gnutls_protocol_t i = min; i <= max; ++i) for (gnutls_protocol_t i = min; i <= max; ++i)
pri = getdns_priappend(conn->mfs, pri, _getdns_tls_priorities[i]); pri = getdns_priappend(conn->mfs, pri, _getdns_tls_priorities[i]);
} }
if (pri) { if (pri) {
res = gnutls_priority_set_direct(conn->tls, pri, NULL); res = gnutls_priority_set_direct(conn->tls, pri, NULL);
if (res != GNUTLS_E_SUCCESS) {
_getdns_log(conn->log _getdns_log(conn->log
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR , GETDNS_LOG_UPSTREAM_STATS
, (res == GNUTLS_E_SUCCESS ? GETDNS_LOG_DEBUG : GETDNS_LOG_ERR)
, "%s: %s %s (%s)\n" , "%s: %s %s (%s)\n"
, STUB_DEBUG_SETUP_TLS , STUB_DEBUG_SETUP_TLS
, "Error configuring TLS connection with " , "Configuring TLS connection with "
, pri , pri
, gnutls_strerror(res)); , gnutls_strerror(res));
} }
}
else else
res = gnutls_set_default_priority(conn->tls); res = gnutls_set_default_priority(conn->tls);
GETDNS_FREE(*conn->mfs, pri); GETDNS_FREE(*conn->mfs, pri);
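Review bot: In the first hunk the signature policy is now `+SIGN-ALL` followed by a deny-list of excluded algorithms, so any signature algorithm GnuTLS exposes that is not named in that list (including ones added in a later release) is enabled by default, whereas the previous single `+SIGN-RSA-SHA384` string was an allow-list; if the intent is a SHA-384 floor, listing the accepted algorithms explicitly would keep that floor stable across GnuTLS upgrades, and the exclusions L17–L21 should at least be revisited on each bump. The comment `/* Remove all the weak ones */` understates this; something like `/* Deny-list on top of SIGN-ALL: enforce a SHA-384 floor, re-check on GnuTLS upgrades */` says what the list is actually doing. The commented-out `//pri = getdns_priappend(conn->mfs, pri, "NONE:+COMP-ALL:+SIGN-ALL");` on the new side of L14 is dead code and should be dropped. set_connection_ciphers begins before and continues after both hunks, so what happens to `res` on a failed gnutls_priority_set_direct after the log call in the second hunk is not visible here.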