[pve-devel] [PATCH vncterm 2/5] use builtin dh_params with newer gnutls

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Feb 2 10:13:06 CET 2017


this is recommended instead of generating our own, but needs
a new enough gnutls version.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 vncterm.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/vncterm.c b/vncterm.c
index 0e33791..0614e4b 100644
--- a/vncterm.c
+++ b/vncterm.c
@@ -256,7 +256,11 @@ tls_initialize_anon_cred(void)
 		return NULL;
 	}
 
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+	gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
 	gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
 
 	return anon_cred;
 }
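Review bot: The return value of `gnutls_anon_set_server_known_dh_params()` is discarded in the new `#if` branch, although unlike the void `gnutls_anon_set_server_dh_params()` it returns a negative GnuTLS error code on failure. If it fails, `anon_cred` is handed back without DH parameters and the problem only shows up later as failed handshakes. The error path visible at the top of the hunk returns NULL, so the new call should free the credentials and do the same. The same unchecked call appears as `gnutls_certificate_set_known_dh_params()` in the tls_initialize_x509_cred hunk. The start of the function is outside the hunk, so the local variable and the logging line below need adapting to what the function already declares.

```c
#if GNUTLS_VERSION_NUMBER >= 0x030506
	/* built-in DH group; only available since GnuTLS 3.5.6 */
	int rc = gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
	if (rc < 0) {
		/* report gnutls_strerror(rc) through the file's existing logger */
		gnutls_anon_free_server_credentials(anon_cred);
		return NULL;
	}
#else
	/* … unchanged: gnutls_anon_set_server_dh_params() fallback … */
#endif
```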
@@ -290,8 +294,13 @@ tls_initialize_x509_cred(void)
 		gnutls_certificate_free_credentials(x509_cred);
 		return NULL;
 	}
-
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+	/* only available since GnuTLS 3.5.6, on previous versions see
+	 * gnutls_certificate_set_dh_params(). */
+	gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
 	gnutls_certificate_set_dh_params (x509_cred, dh_params);
+#endif
 
 	return x509_cred;
 }
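Review bot: The comment added above `gnutls_certificate_set_known_dh_params()` explains the version gate but not the strength being selected, and `GNUTLS_SEC_PARAM_MEDIUM` is hard-coded here and again in the anon-credential hunk. A reader cannot tell from these lines how the built-in group compares with the `dh_params` used on the `#else` path, whose generation lies outside the hunk. I would extend the comment to something like `/* MEDIUM selects GnuTLS's built-in group for that level (2048-bit per the GnuTLS sec-param table - confirm); keep in sync with tls_initialize_anon_cred() */`. Alternatively define the level once at file scope so both credential types cannot drift apart.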
-- 
2.1.4




