Priority strings
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Feb 27 23:59:01 CET 2011
On 02/27/2011 07:59 PM, Ludovic Courtès wrote:
> Hello!
>
> I updated the Guile bindings in ‘master’ to wrap
> ‘gnutls_priority_set_direct’ and deprecate the old method.
>
> However, could someone help me convert the test cases to use priority
> strings?
>
> For instance, ‘anonymous-auth.scm’ uses these priorities, after a
> ‘gnutls_set_default_priority’:
>
> (define %protos  (list protocol/tls-1.0))
> (define %certs   '())
> (define %ciphers (list cipher/null cipher/arcfour cipher/aes-128-cbc
>                        cipher/aes-256-cbc))
> (define %kx      (list kx/anon-dh))
> (define %macs    (list mac/sha1 mac/rmd160 mac/md5))
>
> What would be the corresponding priority string?

You could use something like that:

NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH

To enable anonymous DH and the defaults for the others. If you want
to explicitly specify AES, replace +CIPHER-ALL with +AES-128-CBC etc.

> Besides, while the old method was more verbose, it allowed
> programming errors to be spotted more easily (in the Guile bindings,
> you would get a type error if trying to use a MAC name when setting
> the cipher priority, for instance.) Could it coexist alongside
> priority strings?

No, the old priority functions will be marked as deprecated and may be
removed. I cannot understand, though, how the error you describe applies
to that interface. If there is a typo or so, it will be returned by the
set_direct function.

regards,
Nikos
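
The exchange above, as an added illustration that is not code from GnuTLS, the Guile bindings or either poster: a small Python helper that builds a priority string from per-category lists and rejects a keyword placed in the wrong category, so a mix-up is caught before the string reaches the library. `build_priority`, `PriorityError` and the keyword table are hypothetical, and the table is a constructed, non-exhaustive subset of keywords.

```python
# Added illustration; not GnuTLS or Guile-GnuTLS code.
# KEYWORDS is a constructed, non-exhaustive subset of priority-string keywords.
# Dict order is also the order in which categories are emitted.
KEYWORDS = {
    "protocol": {"VERS-TLS-ALL", "VERS-TLS1.0"},
    "cipher": {"CIPHER-ALL", "NULL", "ARCFOUR-128", "AES-128-CBC", "AES-256-CBC"},
    "mac": {"MAC-ALL", "SHA1", "MD5"},
    "sign": {"SIGN-ALL"},
    "comp": {"COMP-ALL"},
    "kx": {"ANON-DH"},
}
# A category the caller leaves out falls back to its "-ALL" keyword,
# matching the string suggested in the reply.
DEFAULTS = {
    "protocol": ["VERS-TLS-ALL"], "cipher": ["CIPHER-ALL"],
    "mac": ["MAC-ALL"], "sign": ["SIGN-ALL"], "comp": ["COMP-ALL"],
}


class PriorityError(ValueError):
    """Raised when a keyword is unknown or used in the wrong category."""


def build_priority(kx, **categories):
    """Return a 'NONE:+...' priority string from per-category keyword lists."""
    categories["kx"] = kx
    unknown = set(categories) - set(KEYWORDS)
    if unknown:
        raise PriorityError(f"unknown category: {sorted(unknown)}")
    if not kx:
        # NONE enables nothing, so a key exchange has to be listed explicitly.
        raise PriorityError("no key exchange given")
    parts = ["NONE"]
    for cat in KEYWORDS:
        for kw in categories.get(cat, DEFAULTS.get(cat, [])):
            if kw not in KEYWORDS[cat]:
                owner = next((c for c, kws in KEYWORDS.items() if kw in kws), None)
                hint = f"it is a {owner} keyword" if owner else "keyword not in table"
                raise PriorityError(f"{kw!r} rejected for {cat}: {hint}")
            parts.append("+" + kw)
    return ":".join(parts)


if __name__ == "__main__":
    print(build_priority(["ANON-DH"]))
    print(build_priority(["ANON-DH"], protocol=["VERS-TLS1.0"],
                         cipher=["AES-128-CBC", "AES-256-CBC"]))
```

The library remains the authority on what a string means; this only restores the per-category check on the caller's side.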