GnuTLS: add larger SHAs

diff --git a/configure.ac b/configure.ac
index c172327a5678c83eae4e9f51dcfefed69dd8a18e..7130baeef27595ae338ae115835cdc573785e86e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -5404,7 +5404,7 @@ AC_ARG_ENABLE(gnutls,
   [  --enable-gnutls         gnutls TLS/SSL support (default enabled)])
 
 AS_IF([test "${enable_gnutls}" != "no"], [
-  PKG_CHECK_MODULES(GNUTLS, [gnutls >= 1.3.3], [
+  PKG_CHECK_MODULES(GNUTLS, [gnutls >= 1.7.4], [
     VLC_ADD_PLUGIN([gnutls])
     VLC_ADD_CFLAGS([gnutls], [$GNUTLS_CFLAGS])
     AS_IF([test "${SYS}" = "mingw32"], [

diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 9cb27723afec4e0c8c9b694b1ef1fddd60b4f70f..7a0a18a9f54dd3c50cc4e3c17a24664a6b38302c 100644 (file)
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -420,6 +420,7 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
     /* Note that ordering matters (on the client side) */
     static const int protos[] =
     {
+        /*GNUTLS_TLS1_2, as of GnuTLS 2.6.5, still not ratified */
         GNUTLS_TLS1_1,
         GNUTLS_TLS1_0,
         GNUTLS_SSL3,
@@ -433,6 +434,9 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
     };
     static const int macs[] =
     {
+        GNUTLS_MAC_SHA512,
+        GNUTLS_MAC_SHA384,
+        GNUTLS_MAC_SHA256,
         GNUTLS_MAC_SHA1,
         GNUTLS_MAC_RMD160, // RIPEMD
         GNUTLS_MAC_MD5,
@@ -446,6 +450,7 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
         GNUTLS_CIPHER_AES_128_CBC,
         GNUTLS_CIPHER_3DES_CBC,
         GNUTLS_CIPHER_ARCFOUR_128,
+        // TODO? Camellia ciphers?
         //GNUTLS_CIPHER_DES_CBC,
         //GNUTLS_CIPHER_ARCFOUR_40,
         //GNUTLS_CIPHER_RC2_40_CBC,