authorPhilip Hazel <ph10@hermes.cam.ac.uk>2006-10-16 10:58:39 +0000
committerPhilip Hazel <ph10@hermes.cam.ac.uk>2006-10-16 10:58:39 +0000
commit411ef850bbc5eba056d314edef8124105d480a4a (patch)
tree7ec026513fadcb267edffed3af23d56e2e091d00 /src
parent602e59e5b8de4b1bf6617437156ae619ea55a569 (diff)
Florian Weimer's patch to remove the unwanted and unused support for
RSA_EXPORT from the GnuTLS code.
Diffstat (limited to 'src')
-rw-r--r--src/ACKNOWLEDGMENTS6
-rw-r--r--src/src/tls-gnu.c49
2 files changed, 11 insertions, 44 deletions
diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS
index d5c19bce6..049e30969 100644
--- a/src/ACKNOWLEDGMENTS
+++ b/src/ACKNOWLEDGMENTS
@@ -1,4 +1,4 @@
-$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.57 2006/10/03 15:11:22 ph10 Exp $
+$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.58 2006/10/16 10:58:40 ph10 Exp $
EXIM ACKNOWLEDGEMENTS
@@ -20,7 +20,7 @@ relatively small patches.
Philip Hazel
Lists created: 20 November 2002
-Last updated: 03 October 2006
+Last updated: 16 October 2006
THE OLD LIST
@@ -252,6 +252,8 @@ Matthias Waffenschmidt Patch for build-time Perl bug in configure script
Norihisa Washitake Suggested patch for RFC 2047 header decoding
Chris Webb Patch for support of an SPF lookup method.
Florian Weimer Patch for minor format string issue
+ Noticing the unwanted (and time-wasting) GnuTLS
+ RSA_EXPORT code, and supplying a patch to remove it
Joachim Wieland Patches for PostgreSQL socket support and other
PostgreSQL functionality
Patch for hosts_avoid_esmtp
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 31f226b4e..98aea4451 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-gnu.c,v 1.12 2006/02/14 14:12:07 ph10 Exp $ */
+/* $Cambridge: exim/src/src/tls-gnu.c,v 1.13 2006/10/16 10:58:40 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -23,7 +23,6 @@ functions from the GnuTLS library. */
#define UNKNOWN_NAME "unknown"
#define DH_BITS 768
-#define RSA_BITS 512
#define PARAM_SIZE 2*1024
@@ -37,7 +36,6 @@ enum { INITIALIZED_NOT, INITIALIZED_SERVER, INITIALIZED_CLIENT };
static BOOL initialized = INITIALIZED_NOT;
static host_item *client_host;
-static gnutls_rsa_params rsa_params = NULL;
static gnutls_dh_params dh_params = NULL;
static gnutls_certificate_server_credentials x509_cred = NULL;
@@ -57,7 +55,6 @@ static const int kx_priority[16] = {
GNUTLS_KX_RSA,
GNUTLS_KX_DHE_DSS,
GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA_EXPORT,
0 };
static int default_cipher_priority[16] = {
@@ -262,9 +259,6 @@ uschar filename[200];
/* Initialize the data structures for holding the parameters */
-ret = gnutls_rsa_params_init(&rsa_params);
-if (ret < 0) return tls_error(US"init rsa_params", host, ret);
-
ret = gnutls_dh_params_init(&dh_params);
if (ret < 0) return tls_error(US"init dh_params", host, ret);
@@ -298,20 +292,9 @@ if (fd >= 0)
return tls_error(US"TLS cache read failed", host, 0);
(void)close(fd);
- ret = gnutls_rsa_params_import_pkcs1(rsa_params, &m, GNUTLS_X509_FMT_PEM);
-
- if (ret < 0)
- {
- DEBUG(D_tls)
- debug_printf("RSA params import failed: assume old-style cache file\n");
- }
- else
- {
- ret = gnutls_dh_params_import_pkcs3(dh_params, &m, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- return tls_error(US"DH params import", host, ret);
- DEBUG(D_tls) debug_printf("read RSA and D-H parameters from file\n");
- }
+ ret = gnutls_dh_params_import_pkcs3(dh_params, &m, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) return tls_error(US"DH params import", host, ret);
+ DEBUG(D_tls) debug_printf("read RSA and D-H parameters from file\n");
free(m.data);
}
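Review bot: The debug line kept at the end of the new import path still reads `read RSA and D-H parameters from file`, although only D-H parameters are imported now; the other messages in this commit were reworded, so this one should become `DEBUG(D_tls) debug_printf("read D-H parameters from file\n");`. The new `if (ret < 0) return tls_error(US"DH params import", host, ret);` also returns before `free(m.data)`, so the buffer read from the cache file is not released on that path. The removed code treated an RSA import failure as an old-style cache file and carried on, apparently towards regeneration; with that branch gone, a cache file that does not parse is always a hard error, which deserves a comment if it is intended. The enclosing function starts and ends outside this hunk.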
@@ -339,10 +322,6 @@ if (ret < 0)
{
uschar tempfilename[sizeof(filename) + 10];
- DEBUG(D_tls) debug_printf("generating %d bit RSA key...\n", RSA_BITS);
- ret = gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
- if (ret < 0) return tls_error(US"RSA key generation", host, ret);
-
DEBUG(D_tls) debug_printf("generating %d bit Diffie-Hellman key...\n",
DH_BITS);
ret = gnutls_dh_params_generate2(dh_params, DH_BITS);
@@ -362,9 +341,7 @@ if (ret < 0)
* certtool or other programs.
*
* The commands for certtool are:
- * $ certtool --generate-privkey --bits 512 >params
- * $ echo "" >>params
- * $ certtool --generate-dh-params --bits 1024 >> params
+ * $ certtool --generate-dh-params --bits 1024 > params
*/
m.size = PARAM_SIZE;
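Review bot: The rewritten certtool comment tells operators to generate 1024-bit parameters (`--bits 1024`), while the parameters this function generates itself use `DH_BITS`, which the file defines as 768, so the comment and the code disagree about the expected size. I would say so in the comment, for example `* Exim itself generates DH_BITS-bit parameters; a file made with certtool may use a larger size.`, assuming larger imported parameters are accepted, which this hunk does not show. Since a 768-bit group is weaker than the size the comment recommends, raising `DH_BITS` to at least match it would be a sensible follow-up, subject to the GnuTLS versions that must be supported. The comment block and the enclosing function both start outside this hunk.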
@@ -372,16 +349,6 @@ if (ret < 0)
if (m.data == NULL)
return tls_error(US"memory allocation failed", host, 0);
- ret = gnutls_rsa_params_export_pkcs1(rsa_params, GNUTLS_X509_FMT_PEM,
- m.data, &m.size);
- if (ret < 0) return tls_error(US"RSA params export", host, ret);
-
- /* Do not write the null termination byte. */
-
- m.size = Ustrlen(m.data);
- if (write(fd, m.data, m.size) != m.size || write(fd, "\n", 1) != 1)
- return tls_error(US"TLS cache write failed", host, 0);
-
m.size = PARAM_SIZE;
ret = gnutls_dh_params_export_pkcs3(dh_params, GNUTLS_X509_FMT_PEM, m.data,
&m.size);
@@ -398,11 +365,10 @@ if (ret < 0)
return tls_error(string_sprintf("failed to rename %s as %s: %s",
tempfilename, filename, strerror(errno)), host, 0);
- DEBUG(D_tls) debug_printf("wrote RSA and D-H parameters to file %s\n",
- filename);
+ DEBUG(D_tls) debug_printf("wrote D-H parameters to file %s\n", filename);
}
-DEBUG(D_tls) debug_printf("initialized RSA and D-H parameters\n");
+DEBUG(D_tls) debug_printf("initialized D-H parameters\n");
return OK;
}
@@ -540,7 +506,6 @@ if (cas != NULL)
/* Associate the parameters with the x509 credentials structure. */
gnutls_certificate_set_dh_params(x509_cred, dh_params);
-gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);
DEBUG(D_tls) debug_printf("initialized certificate stuff\n");
return OK;