gnutls_certificate_credentials x509_cred;
gnutls_dh_params dh_params;
bool tls_enabled;
+ const char *tls_priority;
};
#endif
return params;
}
+ params->tls_priority = lpcfg_tls_priority(lp_ctx);
+
if (!file_exist(cafile)) {
char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
lpcfg_netbios_name(lp_ctx),
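Review bot: `params->tls_priority` keeps the raw pointer returned by `lpcfg_tls_priority(lp_ctx)`, so the string's lifetime is tied to the loadparm context rather than to `params`. If the configuration can be reloaded or `lp_ctx` released while `params` is still in use (not visible here), a later connection setup would hand GnuTLS a stale priority string. Assuming `params` is a talloc allocation, a private copy avoids this: `params->tls_priority = talloc_strdup(params, lpcfg_tls_priority(lp_ctx));`, followed by a NULL check. The enclosing function starts and ends outside this hunk.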
int ret;
struct socket_context *new_sock;
NTSTATUS nt_status;
+ const char *error_pos;
nt_status = socket_create_with_ops(socket_ctx, &tls_socket_ops, &new_sock,
SOCKET_TYPE_STREAM,
talloc_set_destructor(tls, tls_destructor);
- TLSCHECK(gnutls_set_default_priority(tls->session));
+ ret = gnutls_priority_set_direct(tls->session,
+ params->tls_priority,
+ &error_pos);
+ if (ret != GNUTLS_E_SUCCESS) {
+ DEBUG(0,("TLS %s - %s. Check 'tls priority' option at '%s'\n",
+ __location__, gnutls_strerror(ret), error_pos));
+ talloc_free(new_sock);
+ return NULL;
+ }
+
TLSCHECK(gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE,
params->x509_cred));
gnutls_certificate_server_set_request(tls->session, GNUTLS_CERT_REQUEST);
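Review bot: `error_pos` is declared without an initializer and is passed to `%s` in the `DEBUG` call for every non-success return of `gnutls_priority_set_direct()`. If any failure path in the linked GnuTLS version returns before writing the out-parameter (for example an allocation failure rather than a syntax error), the log statement reads an indeterminate pointer. Declaring it as `const char *error_pos = NULL;` and logging `error_pos ? error_pos : ""` keeps the error path defined. Rejecting the connection when the configured priority string is invalid is the right fail-closed behaviour, but it is worth confirming that `params->tls_priority` can never be NULL here, since the call receives it unchecked. The function body starts and continues outside the visible lines.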