From af3498d60d7cae92d50e56353ae19f304b84e6ca Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Thu, 17 May 2012 01:32:13 -0400 Subject: Guards for older releases of GnuTLS. gnutls_sec_param_to_pk_bits() and gnutls_rnd() are both new as of GnuTLS 2.12.x. Guard their usage on 2.12.0+ at compile time. In older versions, the vaguely_random_number() function just immediately calls the fallback, so it's the same as before this change (just one extra indirection in the code-path). Define a constant of 1024 for dh-bits for use in those old releases where GnuTLS won't tell us how many we should use. Change the on-disk filename for generated D-H params again, replacing the -normal with -, so that it's 1024 or whatever, and as the value changes, Exim will automatically start using the new value. --- doc/doc-txt/ChangeLog | 1 + 1 file changed, 1 insertion(+) (limited to 'doc/doc-txt/ChangeLog') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index ff463b1a4..a93041e62 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -106,6 +106,7 @@ PP/25 Revamped GnuTLS support, passing tls_require_ciphers to gnutls_priority_init, ignoring Exim options gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols (no longer supported). Added SNI support via GnuTLS too. + Made ${randint:..} supplier available, if using not-too-old GnuTLS. PP/26 Added EXPERIMENTAL_OCSP for OpenSSL. -- cgit v1.2.3