From af3498d60d7cae92d50e56353ae19f304b84e6ca Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Thu, 17 May 2012 01:32:13 -0400 Subject: Guards for older releases of GnuTLS. gnutls_sec_param_to_pk_bits() and gnutls_rnd() are both new as of GnuTLS 2.12.x. Guard their usage on 2.12.0+ at compile time. In older versions, the vaguely_random_number() function just immediately calls the fallback, so it's the same as before this change (just one extra indirection in the code-path). Define a constant of 1024 for dh-bits for use in those old releases where GnuTLS won't tell us how many we should use. Change the on-disk filename for generated D-H params again, replacing the -normal with -, so that it's 1024 or whatever, and as the value changes, Exim will automatically start using the new value. --- doc/doc-txt/NewStuff | 3 +++ 1 file changed, 3 insertions(+) (limited to 'doc/doc-txt/NewStuff') diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 82eaeb73b..7b3b5aff0 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -80,6 +80,9 @@ Version 4.78 SNI support has been added to Exim's GnuTLS integration too. + For sufficiently recent GnuTLS libraries, ${randint:..} will now use + gnutls_rnd(), asking for GNUTLS_RND_NONCE level randomness. + 12. With OpenSSL, if built with EXPERIMENTAL_OCSP, a new option tls_ocsp_file is now available. If the contents of the file are valid, then Exim will send that back in response to a TLS status request; this is OCSP Stapling. -- cgit v1.2.3
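Review bot: The added NewStuff text under the GnuTLS SNI item says "For sufficiently recent GnuTLS libraries" without naming the cutoff, although the commit message states the guard is 2.12.0+. Put the version in the entry (for example "For GnuTLS 2.12.0 and later, ${randint:..} will now use gnutls_rnd()") and add that older releases keep the previous fallback generator, so an administrator can tell which random source a given build uses. The entry also leaves out the two other operator-visible changes the commit message describes: the constant 1024 for dh-bits on older GnuTLS releases, and the renamed on-disk file for generated D-H params. Both deserve a line here, since the filename change affects what is found in the spool directory after upgrade. This view is limited to doc/doc-txt/NewStuff, so the compile-time guards themselves are not visible for review.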