author | Jeremy Harris <jgh146exb@wizmail.org> | 2020-02-23 22:35:22 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2020-02-23 22:59:14 +0000 |
commit | c1cea16d93da8e47aa0d29e79d9b854cf2c50951 (patch) | |
tree | 956deec7f683f648987cccdd89db0092389d037f | |
parent | 017de05c182145de9b46b5f8e730d928bd30abb3 (diff) |
GnuTLS: avoid hang in older library, in selfsigned-cert creation
-rw-r--r-- | src/src/tls-gnu.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index e28ad9b9d..f2fbeab32 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -53,6 +53,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
 # warning "GnuTLS library version too old; tls:cert event unsupported"
 # define DISABLE_EVENT
 #endif
+#if GNUTLS_VERSION_NUMBER >= 0x030000
+# define SUPPORT_SELFSIGN /* Uncertain what version is first usable but 2.12.23 is not */
+#endif
 #if GNUTLS_VERSION_NUMBER >= 0x030306
 # define SUPPORT_CA_DIR
 #else
@@ -824,13 +827,19 @@ gnutls_x509_privkey_t pkey = NULL;
 const uschar * where;
 int rc;
 
+#ifndef SUPPORT_SELFSIGN
+where = US"library too old";
+rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+if (TRUE) goto err;
+#endif
+
 where = US"initialising pkey";
 if ((rc = gnutls_x509_privkey_init(&pkey))) goto err;
 
 where = US"initialising cert";
 if ((rc = gnutls_x509_crt_init(&cert))) goto err;
 
-where = US"generating pkey";
+where = US"generating pkey"; /* Hangs on 2.12.23 */
 if ((rc = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_RSA,
 #ifdef SUPPORT_PARAM_TO_PK_BITS
 # ifndef GNUTLS_SEC_PARAM_MEDIUM
|
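Review bot: The comment on `SUPPORT_SELFSIGN` in the first hunk records the one known-bad release but not what the macro's absence does, and by its own wording the 3.0.0 cutoff is unverified. A maintainer reading only this preprocessor block cannot tell that builds against an older GnuTLS lose self-signed certificate generation altogether, which is what the guard in the second hunk does. I would spell that out, for example `/* Below 3.0.0 self-signed cert generation is compiled out: privkey generation hangs on 2.12.23; first good version not established */`.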
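Review bot: The new early `goto err` in the second hunk runs before either `gnutls_x509_privkey_init()` or `gnutls_x509_crt_init()`, so the cleanup at `err:` is now reached with neither handle set up by the library. `pkey = NULL` is visible in the hunk header, but the initialiser of `cert` and the `err:` label are outside the hunk, so it is worth confirming that `cert` also starts as NULL and that the cleanup skips NULL handles. A short comment above the guard would pin that down: `/* err: is reached here with pkey and cert still NULL */`. Because this path turns a hang into a TLS setup failure on old libraries, the "library too old" text should presumably reach the log so an operator can see why no certificate is being offered.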