
23 May
2011
4:48 p.m.
On 05/23/2011 11:54 AM, Daniel P. Berrange wrote:
> > Try gnutls_priority_set. What did you use gnutls_certificate_type_set_priority for? It is rare to really need it, a call to gnutls_set_default_priority() is usually sufficient.
>
> Agreed, our current use of gnutls_certificate_type_set_priority is bogus and can/should be removed, leaving just set_default_priority calls.

If you expect random (other than gnutls/openssl/nss) TLS implementations to connect to you (or you plan to connect to them), then the set_default_priority() might not be enough. I tried to sketch the reasons at:
http://www.gnu.org/software/gnutls/manual/html_node/Compatibility-Issues.htm...

In those cases you might want to have some options configurable.

regards,
Nikos