01/01: download: Add "%COMPAT" to the priority string.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: download: Add "%COMPAT" to the priority string.

From:	Ludovic Court�s
Subject:	01/01: download: Add "%COMPAT" to the priority string.
Date:	Wed, 20 Apr 2016 11:17:59 +0000

civodul pushed a commit to branch master
in repository guix.

commit 967ee481e893fd77ff8ca896188e20e425331bf2
Author: Ludovic Courtès <address@hidden>
Date:   Wed Apr 20 13:12:57 2016 +0200

    download: Add "%COMPAT" to the priority string.
    
    Fixes <http://bugs.gnu.org/23311>.
    
    * guix/build/download.scm (tls-wrap): Add 'set-session-priorities!' call.
---
 guix/build/download.scm |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/guix/build/download.scm b/guix/build/download.scm
index bd354a6..e00fa04 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -274,6 +274,13 @@ host name without trailing dot."
 
     (set-session-transport-fd! session (fileno port))
     (set-session-default-priority! session)
+
+    ;; The "%COMPAT" bit allows us to work around firewall issues (info
+    ;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>.
+    ;; Explicitly disable SSLv3, which is insecure:
+    ;; <https://tools.ietf.org/html/rfc7568>.
+    (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0")
+
     (set-session-credentials! session (make-certificate-credentials))
 
     ;; Uncomment the following lines in case of debugging emergency.

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (083b3a0 -> 967ee48), Ludovic Court�s, 2016/04/20
- 01/01: download: Add "%COMPAT" to the priority string., Ludovic Court�s <=

Prev by Date: branch master updated (083b3a0 -> 967ee48)
Next by Date: branch master updated (967ee48 -> 458b47e)
Previous by thread: branch master updated (083b3a0 -> 967ee48)
Next by thread: branch master updated (967ee48 -> 458b47e)
Index(es):
- Date
- Thread