From b26ab9ab5a50f91381a2d8b8fe99c896a053a343 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 2 Feb 2017 10:13:06 +0100 Subject: [PATCH] use builtin dh_params with newer gnutls MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit this is recommended instead of generating our own, but needs a new enough gnutls version. Signed-off-by: Fabian Grünbichler --- vncterm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/vncterm.c b/vncterm.c index 0e33791..0614e4b 100644 --- a/vncterm.c +++ b/vncterm.c @@ -256,7 +256,11 @@ tls_initialize_anon_cred(void) return NULL; } +#if GNUTLS_VERSION_NUMBER >= 0x030506 + gnutls_anon_set_server_known_dh_params(anon_cred, GNUTLS_SEC_PARAM_MEDIUM); +#else gnutls_anon_set_server_dh_params(anon_cred, dh_params); +#endif return anon_cred; } @@ -290,8 +294,13 @@ tls_initialize_x509_cred(void) gnutls_certificate_free_credentials(x509_cred); return NULL; } - +#if GNUTLS_VERSION_NUMBER >= 0x030506 + /* only available since GnuTLS 3.5.6, on previous versions see + * gnutls_certificate_set_dh_params(). */ + gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM); +#else gnutls_certificate_set_dh_params (x509_cred, dh_params); +#endif return x509_cred; } -- 2.39.2