From 9dfc6cdd4e2ce03935acc47326ad9b7c2132fe24 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 28 Nov 2023 16:59:31 +0530
Subject: [PATCH] Prefer system priority as default over noraml priority.

Use priority settings from @SYSTEM (/etc/gnutls/default-priorities)
which is user configurable, if it's not present then fallback to NORMAL
priority which gets set during build time.

Makes sense to follow this approach when we want to tweak the policy
depending on security needs of the system.

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
 lib/priority.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/priority.c b/lib/priority.c
index d84af07..8d0d57a 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -3134,11 +3134,16 @@ int gnutls_priority_init(gnutls_priority_t *priority_cache,
 		priorities = "@" LEVEL_SYSTEM;
 	}
 	if (priorities == NULL) {
-		priorities = _gnutls_default_priority_string;
+        priorities = "@SYSTEM";
 		resolved_match = 0;
 	}
 
 	darg = _gnutls_resolve_priorities(priorities);
+    if (!darg && !resolved_match) {
+        priorities = "NORMAL";
+        darg = _gnutls_resolve_priorities(priorities);
+    }
+
 	if (darg == NULL) {
 		gnutls_assert();
 		goto error;
-- 
2.25.1