Diffstat (limited to 'source4/lib/tls/tls_tstream.c')
-rw-r--r-- | source4/lib/tls/tls_tstream.c | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 55bca036776..d984addeec5 100644
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -1035,16 +1035,26 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
 return tevent_req_post(req, ev);
 }
 
- ret = gnutls_priority_set_direct(tlss->tls_session,
- tls_params->tls_priority,
- &error_pos);
+ ret = gnutls_set_default_priority(tlss->tls_session);
 if (ret != GNUTLS_E_SUCCESS) {
- DEBUG(0,("TLS %s - %s. Check 'tls priority' option at '%s'\n",
- __location__, gnutls_strerror(ret), error_pos));
+ DBG_ERR("TLS %s - %s. Failed to set default priorities\n",
+ __location__, gnutls_strerror(ret));
 tevent_req_error(req, EINVAL);
 return tevent_req_post(req, ev);
 }
 
+ if (strlen(tls_params->tls_priority) > 0) {
+ ret = gnutls_priority_set_direct(tlss->tls_session,
+ tls_params->tls_priority,
+ &error_pos);
+ if (ret != GNUTLS_E_SUCCESS) {
+ DEBUG(0,("TLS %s - %s. Check 'tls priority' option at '%s'\n",
+ __location__, gnutls_strerror(ret), error_pos));
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
+ }
+ }
+
 ret = gnutls_credentials_set(tlss->tls_session,
 GNUTLS_CRD_CERTIFICATE,
 tls_params->x509_cred);
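Review bot: The new guard `strlen(tls_params->tls_priority) > 0` dereferences the pointer unchecked, so a NULL `tls_priority` would crash here, where the old code passed it straight to gnutls_priority_set_direct(). The field is assigned outside this hunk, so non-NULL may already be guaranteed; if it is not, use `if (tls_params->tls_priority != NULL && tls_params->tls_priority[0] != '\0') {`. The same applies to `tlsp->tls_priority` in the `_tstream_tls_accept_send` hunk. An empty 'tls priority' now silently selects the GnuTLS system-wide default policy, which can change the protocol versions and ciphers that are negotiated. A comment such as `/* Empty 'tls priority': keep the GnuTLS system default policy */`, plus a debug-level log line naming the policy in effect, would make that visible to operators. The function body starts and ends outside the hunk.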
@@ -1284,16 +1294,26 @@ struct tevent_req *_tstream_tls_accept_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - ret = gnutls_priority_set_direct(tlss->tls_session, - tlsp->tls_priority, - &error_pos); + ret = gnutls_set_default_priority(tlss->tls_session); if (ret != GNUTLS_E_SUCCESS) { - DEBUG(0,("TLS %s - %s. Check 'tls priority' option at '%s'\n", - __location__, gnutls_strerror(ret), error_pos)); + DBG_ERR("TLS %s - %s. Failed to set default priorities\n", + __location__, gnutls_strerror(ret)); tevent_req_error(req, EINVAL); return tevent_req_post(req, ev); } + if (strlen(tlsp->tls_priority) > 0) { + ret = gnutls_priority_set_direct(tlss->tls_session, + tlsp->tls_priority, + &error_pos); + if (ret != GNUTLS_E_SUCCESS) { + DEBUG(0,("TLS %s - %s. Check 'tls priority' option at '%s'\n", + __location__, gnutls_strerror(ret), error_pos)); + tevent_req_error(req, EINVAL); + return tevent_req_post(req, ev); + } + } + ret = gnutls_credentials_set(tlss->tls_session, GNUTLS_CRD_CERTIFICATE, tlsp->x509_cred); if (ret != GNUTLS_E_SUCCESS) { |
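Review bot: The priority setup added here in `_tstream_tls_accept_send` is a line-for-line second copy of the block added to `_tstream_tls_connect_send`, differing only in `tlsp` versus `tls_params`. That lets the client and server TLS policy paths drift apart on a later edit. A single static helper (name illustrative) called from both functions would keep them identical, with the callers keeping their existing `tevent_req_error(req, EINVAL); return tevent_req_post(req, ev);` on a non-success return. It would also settle the logging style: the hunk mixes the new `DBG_ERR` with the legacy `DEBUG(0,(...))`, and as far as I know `DBG_ERR` already prefixes the location, which would make `__location__` in the message redundant. Both functions start and end outside the hunks.

```c
/* Apply the GnuTLS default policy, then the 'tls priority' override if one is configured. */
static int tstream_tls_set_priority(gnutls_session_t session,
				    const char *tls_priority)
{
	const char *error_pos = NULL;
	int ret;

	ret = gnutls_set_default_priority(session);
	if (ret != GNUTLS_E_SUCCESS) {
		DBG_ERR("TLS - %s. Failed to set default priorities\n",
			gnutls_strerror(ret));
		return ret;
	}

	/* Empty or unset option: keep the GnuTLS system default policy. */
	if (tls_priority == NULL || tls_priority[0] == '\0') {
		return GNUTLS_E_SUCCESS;
	}

	ret = gnutls_priority_set_direct(session, tls_priority, &error_pos);
	if (ret != GNUTLS_E_SUCCESS) {
		DBG_ERR("TLS - %s. Check 'tls priority' option at '%s'\n",
			gnutls_strerror(ret), error_pos);
	}
	return ret;
}
```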