Accept GNUTLS priority in configuration file.

This will allow sysadmins that require bad clients to connect using
priority "NORMAL:%COMPAT", for example. This was seem to be required by
Nokia phones, for example.

diff --git a/hcconn_ssl.c b/hcconn_ssl.c
index aaf8037..f1e98fb 100644 (file)
--- a/hcconn_ssl.c
+++ b/hcconn_ssl.c
@@ -262,3 +262,11 @@ hc_conn_set_driver_ssl_server (HCConn *conn, HCConn *lowconn)
 {
   return hc_conn_set_driver_ssl (conn, lowconn, 1);
 }
+
+void
+hc_conn_ssl_server_set_priority (HCConn *conn, char *priority)
+{
+  struct ssl_data *ssl;
+  ssl = conn->layer;
+  gnutls_priority_set_direct (ssl->session, priority, NULL);
+}

diff --git a/hcconn_ssl.h b/hcconn_ssl.h
index 2e1d500..b471963 100644 (file)
--- a/hcconn_ssl.h
+++ b/hcconn_ssl.h
@@ -25,5 +25,6 @@
 int hc_conn_set_driver_ssl_client (HCConn *, HCConn *);
 int hc_conn_set_driver_ssl_server (HCConn *, HCConn *);
 void * hc_conn_ssl_server_init_credentials (char *, char *);
+void hc_conn_ssl_server_set_priority (HCConn *, char *);
 
 #endif

diff --git a/popproxy.c b/popproxy.c
index e2a58a3..47c2e94 100644 (file)
--- a/popproxy.c
+++ b/popproxy.c
@@ -42,6 +42,7 @@ struct pop_address
   char *server;
   char *port;
   int ssl;
+  char *priority;
 };
 
 static HCConn *
@@ -79,7 +80,7 @@ server_conn_new (char *server, char *port, int ssl)
 }
 
 static HCConn *
-client_conn_new (int fd)
+client_conn_new (int fd, struct pop_address *address)
 {
   HCConn *conn;
   HCConn *ssl_conn;
@@ -93,8 +94,12 @@ client_conn_new (int fd)
       close (fd);
       return NULL;
     }
+
   ssl_conn = hc_conn_new (NULL, NULL);
   hc_conn_set_driver_ssl_server (ssl_conn, conn);
+  if (address && address->priority)
+    hc_conn_ssl_server_set_priority (ssl_conn, address->priority);
+
   if (r != 0)
     {
       hc_conn_close (ssl_conn);
@@ -169,7 +174,7 @@ new_client (int fd, struct sockaddr *addr, socklen_t saddr, gpointer data)
   g_message ("Received connection from %s.",
              inet_ntoa (((struct sockaddr_in *) addr)->sin_addr));
 
-  client_conn = client_conn_new (fd);
+  client_conn = client_conn_new (fd, address);
   if (client_conn == NULL)
     {
       return;
@@ -203,6 +208,7 @@ int main (int argc, char **argv)
   gchar *server_address;
   gchar *server_port;
   int server_ssl;
+  gchar *server_priority;
   gchar *certfile;
   gchar *ssl_keyfile;
   gchar *policy;
@@ -297,6 +303,14 @@ int main (int argc, char **argv)
       server_ssl = 0;
       g_error_free (error);
     }
+  error = NULL;
+  server_priority = g_key_file_get_string (keyfile, "global", "priority",
+                                           &error);
+  if (server_priority == NULL && error != NULL)
+    {
+      server_priority = g_strdup ("NORMAL");
+      g_error_free (error);
+    }
 
   error = NULL;
   policy = g_key_file_get_string (keyfile, "global", "policy",
@@ -315,6 +329,7 @@ int main (int argc, char **argv)
   pop_address.server = server_address;
   pop_address.port = server_port;
   pop_address.ssl = server_ssl;
+  pop_address.priority = server_priority;
 
   server_fd = hc_tcp_server (port);
   if (server_fd < 0)

diff --git a/popproxy.conf b/popproxy.conf
index 54675f2..6cea4b2 100644 (file)
--- a/popproxy.conf
+++ b/popproxy.conf
@@ -8,3 +8,4 @@ server_ssl = 1
 certfile = cert.pem
 keyfile = key.pem
 policy = allow
+priority = NORMAL