From: Tim Ruehsen <tim.ruehsen@gmx.de>
Date: Sat, 7 Sep 2013 19:34:37 +0000 (+0200)
Subject: PFS runtime check
X-Git-Tag: v1.15~22
X-Git-Url: http://sjero.net/git/?p=wget;a=commitdiff_plain;h=e1fc2057c7cb9cfc559dfbab44c96a9739e3328c

PFS runtime check
---

diff --git a/src/ChangeLog b/src/ChangeLog
index ee7a53e4..787c9c60 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2013-09-07  Tim Ruehsen  <tim.ruehsen@gmx.de>
+
+	* gnutls.c (ssl_connect_wget): use gnutls_check_version()
+	  to check if option "PFS" is available
+	  Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
 2013-09-03  Tim Ruehsen  <tim.ruehsen@gmx.de>
 
 	* main.c: Add new value 'PFS' to --secure-protocol to
diff --git a/src/gnutls.c b/src/gnutls.c
index ce61d065..94dfaedd 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -443,11 +443,10 @@ ssl_connect_wget (int fd, const char *hostname)
       err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL);
       break;
     case secure_protocol_pfs:
-#if defined (GNUTLS_VERSION_NUMBER) && GNUTLS_VERSION_NUMBER >= 0x030204
-      err = gnutls_priority_set_direct (session, "PFS", NULL);
-#else
-      err = gnutls_priority_set_direct (session, "NORMAL:-RSA", NULL);
-#endif
+      if (gnutls_check_version("3.2.4"))
+        err = gnutls_priority_set_direct (session, "PFS", NULL);
+      else
+        err = gnutls_priority_set_direct (session, "NORMAL:-RSA", NULL);
       break;
     default:
       abort ();