-/* $Cambridge: exim/src/src/tls-gnu.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/tls-gnu.c,v 1.4 2005/01/04 10:00:42 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2004 */
+/* Copyright (c) University of Cambridge 1995 - 2005 */
/* See the file NOTICE for conditions of use and distribution. */
/* This module provides TLS (aka SSL) support for Exim using the GnuTLS
0 };
static int default_cipher_priority[16] = {
- GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_CIPHER_ARCFOUR_128,
0 };
static int cipher_priority[16];
cert_expanded, key_expanded);
rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
CS key_expanded, GNUTLS_X509_FMT_PEM);
- if (rc < 0) return tls_error(US"cert/key setup", host, rc);
+ if (rc < 0)
+ {
+ uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
+ cert_expanded, key_expanded);
+ return tls_error(msg, host, rc);
+ }
}
/* A certificate is mandatory in a server, but not in a client */