(1) Typo in redirect router; (2) Update version number; (3) Update

[exim.git] / src / src / tls-gnu.c

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 14a11ed56e6a61a13bc3a41c637d301da73a699c..4a8355003b04d774b986a15b6f381570103b83d2 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1,10 +1,10 @@
-/* $Cambridge: exim/src/src/tls-gnu.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/tls-gnu.c,v 1.4 2005/01/04 10:00:42 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2004 */
+/* Copyright (c) University of Cambridge 1995 - 2005 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* This module provides TLS (aka SSL) support for Exim using the GnuTLS
@@ -59,10 +59,10 @@ static const int kx_priority[16] = {
   0 };
 
 static int default_cipher_priority[16] = {
-  GNUTLS_CIPHER_ARCFOUR_128,
+  GNUTLS_CIPHER_AES_256_CBC,
   GNUTLS_CIPHER_AES_128_CBC,
   GNUTLS_CIPHER_3DES_CBC,
-  GNUTLS_CIPHER_ARCFOUR_40,
+  GNUTLS_CIPHER_ARCFOUR_128,
   0 };
 
 static int cipher_priority[16];
@@ -461,7 +461,12 @@ if (cert_expanded != NULL)
     cert_expanded, key_expanded);
   rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
     CS key_expanded, GNUTLS_X509_FMT_PEM);
-  if (rc < 0) return tls_error(US"cert/key setup", host, rc);
+  if (rc < 0) 
+    {
+    uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
+      cert_expanded, key_expanded); 
+    return tls_error(msg, host, rc);
+    } 
   }
 
 /* A certificate is mandatory in a server, but not in a client */