TLS: use application-specific system-wide configuration with fallbacks

Implemented more flexible GnuTLS priorities string initialisation. Now
MHD tries to use "@LIBMICROHTTPD" configuration at first, so all
MHD instances on particular system can be configured by specifying the
string like "LIBMICROHTTPD = ..." in GnuTLS system-wide configuration.
For example "LIBMICROHTTPD = NORMAL:-VERS-TLS1.0:-VERS-TLS1.1" could be
used to disable TLS v1.0 and TLS v1.1 for all MHD instances.
If application-specific configuration is not available, then default
"@SYSTEM" run-time configuration is used.
If "@SYSTEM" is not defined, then GnuTLS build-time default string
is used.
Standard "NORMAL" configuration is used if everything else fails.

1 files changed, 10 insertions, 3 deletions

diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 63afc9e0..94e6095c 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
  * they are parsed as decimal numbers.
  * Example: 0x01093001 = 1.9.30-1.
  */
-#define MHD_VERSION 0x00097540
+#define MHD_VERSION 0x00097541
 
 /* If generic headers don't work on your platform, include headers
    which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -1732,8 +1732,15 @@ enum MHD_OPTION
   MHD_OPTION_HTTPS_CRED_TYPE = 10,
 
   /**
-   * Memory pointer to a `const char *` specifying the
-   * cipher algorithm (default: "NORMAL").
+   * Memory pointer to a `const char *` specifying the GnuTLS priorities string.
+   * If this options is not specified, then MHD will try the following strings:
+   * * "@LIBMICROHTTPD" (application-specific system-wide configuration)
+   * * "@SYSTEM"        (system-wide configuration)
+   * * default GnuTLS priorities string
+   * * "NORMAL"
+   * The first configuration accepted by GnuTLS will be used.
+   * For more details see GnuTLS documentation for "Application-specific
+   * priority strings".
    */
   MHD_OPTION_HTTPS_PRIORITIES = 11,