From: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Date: Fri, 22 May 2015 11:16:30 +0000 (+0000)
Subject: Fix compile error...
X-Git-Tag: v2.2b1~292
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=838bcb929272945f47b38f33ff4157ab1be406a7;p=thirdparty%2Fcups.git

Fix compile error...

Drop optimization for default TLS options; better to ensure we get consistent
priority string values here than to save a few nanoseconds (previous optimized
value was wrong...)


git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12653 a1ca3aef-8c08-0410-bb20-df032aa958be
---

diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index d78a5d63c3..b4271987cb 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1208,26 +1208,21 @@ _httpTLSStart(http_t *http)		/* I - Connection to server */
     return (-1);
   }
 
-  if (!tls_options)
-    strlcpy(priority_string, "NORMAL:-ARCFOUR-128:+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string));
+  strlcpy(priority_string, "NORMAL", sizeof(priority_string));
+
+  if (tls_options & _HTTP_TLS_DENY_TLS10)
+    strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string));
+  else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+    strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string));
   else
-  {
-    strlcpy(priority_string, "NORMAL", sizeof(priority_string));
+    strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string));
 
-    if (tls_options & _HTTP_TLS_DENY_TLS10)
-      strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string);
-    else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
-      strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string);
-    else
-      strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string);
+  if (!(tls_options & _HTTP_TLS_ALLOW_RC4))
+    strlcat(priority_string, ":-ARCFOUR-128", sizeof(priority_string));
 
-    if (!(tls_options & _HTTP_TLS_ALLOW_RC4))
-      strlcat(priority_string, ":-ARCFOUR-128", sizeof(priority_string));
+  if (!(tls_options & _HTTP_TLS_ALLOW_DH))
+    strlcat(priority_string, ":!DHE-RSA:!DHE-DSS:!ANON-DH", sizeof(priority_string));
 
-    if (!(tls_options & _HTTP_TLS_ALLOW_DH))
-      strlcat(priority_string, ":!DHE-RSA:!DHE-DSS:!ANON-DH", sizeof(priority_string));
-  }
-  
 #ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT
   gnutls_priority_set_direct(http->tls, priority_string, NULL);