From: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date: Thu, 2 Feb 2017 09:13:06 +0000 (+0100)
Subject: use builtin dh_params with newer gnutls
X-Git-Url: https://git.proxmox.com/?p=vncterm.git;a=commitdiff_plain;h=b26ab9ab5a50f91381a2d8b8fe99c896a053a343

use builtin dh_params with newer gnutls

this is recommended instead of generating our own, but needs
a new enough gnutls version.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

diff --git a/vncterm.c b/vncterm.c
index 0e33791..0614e4b 100644
--- a/vncterm.c
+++ b/vncterm.c
@@ -256,7 +256,11 @@ tls_initialize_anon_cred(void)
 		return NULL;
 	}
 
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+	gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
 	gnutls_anon_set_server_dh_params(anon_cred, dh_params);
+#endif
 
 	return anon_cred;
 }
@@ -290,8 +294,13 @@ tls_initialize_x509_cred(void)
 		gnutls_certificate_free_credentials(x509_cred);
 		return NULL;
 	}
-
+#if GNUTLS_VERSION_NUMBER >= 0x030506
+	/* only available since GnuTLS 3.5.6, on previous versions see
+	 * gnutls_certificate_set_dh_params(). */
+	gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);
+#else
 	gnutls_certificate_set_dh_params (x509_cred, dh_params);
+#endif
 
 	return x509_cred;
 }