[pve-devel] [PATCH vncterm 2/5] use builtin dh_params with newer gnutls
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Feb 2 10:13:06 CET 2017
this is recommended instead of generating our own, but needs
a new enough gnutls version.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
vncterm.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/vncterm.c b/vncterm.c
index 0e33791..0614e4b 100644
--- a/vncterm.c
+++ b/vncterm.c
@@ -256,7 +256,11 @@ tls_initialize_anon_cred(void)
return NULL;
}
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+ gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
return anon_cred;
}
@@ -290,8 +294,13 @@ tls_initialize_x509_cred(void)
gnutls_certificate_free_credentials(x509_cred);
return NULL;
}
-
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+ /* only available since GnuTLS 3.5.6, on previous versions see
+ * gnutls_certificate_set_dh_params(). */
+ gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
gnutls_certificate_set_dh_params (x509_cred, dh_params);
+#endif
return x509_cred;
}
--
2.1.4
More information about the pve-devel
mailing list