8 files changed, 42 insertions, 14 deletions

diff --git a/ChangeLog b/ChangeLog
index 2c6e1fdf1..f94093911 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,11 @@
 WeeChat - Wee Enhanced Environment for Chat
 ===========================================
 
-ChangeLog - 2007-05-02
+ChangeLog - 2007-05-04
 
 
 Version 0.2.5 (under dev!):
+   * added protocol priority for gnutls (patch #5915)
    * added channel admin mode '!' for some IRC servers
    * fixed bug with iso2022jp locale (bug #18719)
    * fixed string format bug when displaying string thru plugin script API
diff --git a/src/common/session.c b/src/common/session.c
index f60f0f9de..2d62f6450 100644
--- a/src/common/session.c
+++ b/src/common/session.c
@@ -825,7 +825,6 @@ session_load_server (FILE *file)
     void *session_data;
     size_t session_size;
     int session_size_int;
-    const int cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
 #endif
     
     /* read server name */
@@ -958,7 +957,8 @@ session_load_server (FILE *file)
                     return 0;
                 }
                 gnutls_set_default_priority (session_current_server->gnutls_sess);
-                gnutls_certificate_type_set_priority (session_current_server->gnutls_sess, cert_type_prio);
+                gnutls_certificate_type_set_priority (session_current_server->gnutls_sess, gnutls_cert_type_prio);
+                gnutls_protocol_set_priority (session_current_server->gnutls_sess, gnutls_prot_prio);
                 gnutls_credentials_set (session_current_server->gnutls_sess, GNUTLS_CRD_CERTIFICATE, gnutls_xcred);
                 session_data = NULL;
                 rc = rc && (session_read_buf_alloc (file, &session_data, &session_size_int));
diff --git a/src/irc/irc-server.c b/src/irc/irc-server.c
index 549350c50..78175dc81 100644
--- a/src/irc/irc-server.c
+++ b/src/irc/irc-server.c
@@ -64,6 +64,17 @@ int check_away = 0;
 
 char *nick_modes = "aiwroOs";
 
+#ifdef HAVE_GNUTLS
+const int gnutls_cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+#if LIBGNUTLS_VERSION_NUMBER >= 0x010700
+    const int gnutls_prot_prio[] = { GNUTLS_TLS1_2, GNUTLS_TLS1_1,
+                                     GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
+#else
+    const int gnutls_prot_prio[] = { GNUTLS_TLS1_1, GNUTLS_TLS1_0,
+                                     GNUTLS_SSL3, 0 };
+#endif
+#endif
+
 
 /*
  * server_init: init server struct with default values
@@ -1730,9 +1741,6 @@ server_connect (t_irc_server *server)
 {
     int child_pipe[2], set;
     pid_t pid;
-#ifdef HAVE_GNUTLS
-    const int cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-#endif
     
 #ifndef HAVE_GNUTLS
     if (server->ssl)
@@ -1790,7 +1798,8 @@ server_connect (t_irc_server *server)
             return 0;
         }
         gnutls_set_default_priority (server->gnutls_sess);
-        gnutls_certificate_type_set_priority (server->gnutls_sess, cert_type_prio);
+        gnutls_certificate_type_set_priority (server->gnutls_sess, gnutls_cert_type_prio);
+        gnutls_protocol_set_priority (server->gnutls_sess, gnutls_prot_prio);
         gnutls_credentials_set (server->gnutls_sess, GNUTLS_CRD_CERTIFICATE, gnutls_xcred);
         server->ssl_connected = 1;
     }
diff --git a/src/irc/irc.h b/src/irc/irc.h
index 25f608f54..8eb26cb4c 100644
--- a/src/irc/irc.h
+++ b/src/irc/irc.h
@@ -345,6 +345,10 @@ struct t_irc_ignore
 
 extern t_irc_command irc_commands[];
 extern t_irc_server *irc_servers;
+#ifdef HAVE_GNUTLS
+extern const int gnutls_cert_type_prio[];
+extern const int gnutls_prot_prio[];
+#endif
 extern t_irc_message *recv_msgq, *msgq_last_msg;
 extern int check_away;
 extern t_irc_dcc *dcc_list;
diff --git a/weechat/ChangeLog b/weechat/ChangeLog
index 2c6e1fdf1..f94093911 100644
--- a/weechat/ChangeLog
+++ b/weechat/ChangeLog
@@ -1,10 +1,11 @@
 WeeChat - Wee Enhanced Environment for Chat
 ===========================================
 
-ChangeLog - 2007-05-02
+ChangeLog - 2007-05-04
 
 
 Version 0.2.5 (under dev!):
+   * added protocol priority for gnutls (patch #5915)
    * added channel admin mode '!' for some IRC servers
    * fixed bug with iso2022jp locale (bug #18719)
    * fixed string format bug when displaying string thru plugin script API
diff --git a/weechat/src/common/session.c b/weechat/src/common/session.c
index f60f0f9de..2d62f6450 100644
--- a/weechat/src/common/session.c
+++ b/weechat/src/common/session.c
@@ -825,7 +825,6 @@ session_load_server (FILE *file)
     void *session_data;
     size_t session_size;
     int session_size_int;
-    const int cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
 #endif
     
     /* read server name */
@@ -958,7 +957,8 @@ session_load_server (FILE *file)
                     return 0;
                 }
                 gnutls_set_default_priority (session_current_server->gnutls_sess);
-                gnutls_certificate_type_set_priority (session_current_server->gnutls_sess, cert_type_prio);
+                gnutls_certificate_type_set_priority (session_current_server->gnutls_sess, gnutls_cert_type_prio);
+                gnutls_protocol_set_priority (session_current_server->gnutls_sess, gnutls_prot_prio);
                 gnutls_credentials_set (session_current_server->gnutls_sess, GNUTLS_CRD_CERTIFICATE, gnutls_xcred);
                 session_data = NULL;
                 rc = rc && (session_read_buf_alloc (file, &session_data, &session_size_int));
diff --git a/weechat/src/irc/irc-server.c b/weechat/src/irc/irc-server.c
index 549350c50..78175dc81 100644
--- a/weechat/src/irc/irc-server.c
+++ b/weechat/src/irc/irc-server.c
@@ -64,6 +64,17 @@ int check_away = 0;
 
 char *nick_modes = "aiwroOs";
 
+#ifdef HAVE_GNUTLS
+const int gnutls_cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+#if LIBGNUTLS_VERSION_NUMBER >= 0x010700
+    const int gnutls_prot_prio[] = { GNUTLS_TLS1_2, GNUTLS_TLS1_1,
+                                     GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
+#else
+    const int gnutls_prot_prio[] = { GNUTLS_TLS1_1, GNUTLS_TLS1_0,
+                                     GNUTLS_SSL3, 0 };
+#endif
+#endif
+
 
 /*
  * server_init: init server struct with default values
@@ -1730,9 +1741,6 @@ server_connect (t_irc_server *server)
 {
     int child_pipe[2], set;
     pid_t pid;
-#ifdef HAVE_GNUTLS
-    const int cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-#endif
     
 #ifndef HAVE_GNUTLS
     if (server->ssl)
@@ -1790,7 +1798,8 @@ server_connect (t_irc_server *server)
             return 0;
         }
         gnutls_set_default_priority (server->gnutls_sess);
-        gnutls_certificate_type_set_priority (server->gnutls_sess, cert_type_prio);
+        gnutls_certificate_type_set_priority (server->gnutls_sess, gnutls_cert_type_prio);
+        gnutls_protocol_set_priority (server->gnutls_sess, gnutls_prot_prio);
         gnutls_credentials_set (server->gnutls_sess, GNUTLS_CRD_CERTIFICATE, gnutls_xcred);
         server->ssl_connected = 1;
     }
diff --git a/weechat/src/irc/irc.h b/weechat/src/irc/irc.h
index 25f608f54..8eb26cb4c 100644
--- a/weechat/src/irc/irc.h
+++ b/weechat/src/irc/irc.h
@@ -345,6 +345,10 @@ struct t_irc_ignore
 
 extern t_irc_command irc_commands[];
 extern t_irc_server *irc_servers;
+#ifdef HAVE_GNUTLS
+extern const int gnutls_cert_type_prio[];
+extern const int gnutls_prot_prio[];
+#endif
 extern t_irc_message *recv_msgq, *msgq_last_msg;
 extern int check_away;
 extern t_irc_dcc *dcc_list;