use builtin dh_params with newer gnutls
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Thu, 2 Feb 2017 09:13:06 +0000 (10:13 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Fri, 3 Feb 2017 07:27:58 +0000 (08:27 +0100)
this is recommended instead of generating our own, but needs
a new enough gnutls version.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
vncterm.c

index 0e33791..0614e4b 100644 (file)
--- a/vncterm.c
+++ b/vncterm.c
@@ -256,7 +256,11 @@ tls_initialize_anon_cred(void)
                return NULL;
        }
 
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+       gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
        gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
 
        return anon_cred;
 }
@@ -290,8 +294,13 @@ tls_initialize_x509_cred(void)
                gnutls_certificate_free_credentials(x509_cred);
                return NULL;
        }
-
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+       /* only available since GnuTLS 3.5.6, on previous versions see
+        * gnutls_certificate_set_dh_params(). */
+       gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
        gnutls_certificate_set_dh_params (x509_cred, dh_params);
+#endif
 
        return x509_cred;
 }