From: Rémi Denis-Courmont <remi@remlab.net>
Date: Sun, 26 Apr 2009 19:08:45 +0000 (+0300)
Subject: GnuTLS: add larger SHAs
X-Git-Tag: 1.0.0-rc1~205
X-Git-Url: https://git.sesse.net/?a=commitdiff_plain;h=7986cb4ac231255e0382f4ead890fca78be58e79;p=vlc

GnuTLS: add larger SHAs
---

diff --git a/configure.ac b/configure.ac
index c172327a56..7130baeef2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5404,7 +5404,7 @@ AC_ARG_ENABLE(gnutls,
   [  --enable-gnutls         gnutls TLS/SSL support (default enabled)])
 
 AS_IF([test "${enable_gnutls}" != "no"], [
-  PKG_CHECK_MODULES(GNUTLS, [gnutls >= 1.3.3], [
+  PKG_CHECK_MODULES(GNUTLS, [gnutls >= 1.7.4], [
     VLC_ADD_PLUGIN([gnutls])
     VLC_ADD_CFLAGS([gnutls], [$GNUTLS_CFLAGS])
     AS_IF([test "${SYS}" = "mingw32"], [
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 9cb27723af..7a0a18a9f5 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -420,6 +420,7 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
     /* Note that ordering matters (on the client side) */
     static const int protos[] =
     {
+        /*GNUTLS_TLS1_2, as of GnuTLS 2.6.5, still not ratified */
         GNUTLS_TLS1_1,
         GNUTLS_TLS1_0,
         GNUTLS_SSL3,
@@ -433,6 +434,9 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
     };
     static const int macs[] =
     {
+        GNUTLS_MAC_SHA512,
+        GNUTLS_MAC_SHA384,
+        GNUTLS_MAC_SHA256,
         GNUTLS_MAC_SHA1,
         GNUTLS_MAC_RMD160, // RIPEMD
         GNUTLS_MAC_MD5,
@@ -446,6 +450,7 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
         GNUTLS_CIPHER_AES_128_CBC,
         GNUTLS_CIPHER_3DES_CBC,
         GNUTLS_CIPHER_ARCFOUR_128,
+        // TODO? Camellia ciphers?
         //GNUTLS_CIPHER_DES_CBC,
         //GNUTLS_CIPHER_ARCFOUR_40,
         //GNUTLS_CIPHER_RC2_40_CBC,