| side by side (parent:
411ef85
)
Some tidying got overlooked in the "removal of RSA_EXPORT" patch.
author
Philip Hazel
<ph10@hermes.cam.ac.uk>
Mon, 16 Oct 2006 13:20:18 +0000
(13:20 +0000)
committer
Philip Hazel
<ph10@hermes.cam.ac.uk>
Mon, 16 Oct 2006 13:20:18 +0000
(13:20 +0000)
src/src/tls-gnu.c
diff --git
a/src/src/tls-gnu.c
b/src/src/tls-gnu.c
index 98aea4451ffe7aa1f04eb1e3c09173bbda93614d..fa3b2bddc28e3eb1910d01e759f036e02c6d022d 100644
--- a/
src/src/tls-gnu.c
+++ b/
src/src/tls-gnu.c
@@
-1,4
+1,4
@@
-/* $Cambridge: exim/src/src/tls-gnu.c,v 1.1
3 2006/10/16 10:58:40
ph10 Exp $ */
+/* $Cambridge: exim/src/src/tls-gnu.c,v 1.1
4 2006/10/16 13:20:18
ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
/*************************************************
* Exim - an Internet mail transport agent *
@@
-230,10
+230,10
@@
return TRUE; /* accept */
/*************************************************
/*************************************************
-*
Setup up RSA and DH parameters
*
+*
Setup up DH parameters
*
*************************************************/
*************************************************/
-/* Generating the
RSA and D-H parameters takes
a long time. They only need to
+/* Generating the
D-H parameters may take
a long time. They only need to
be re-generated every so often, depending on security policy. What we do is to
keep these parameters in a file in the spool directory. If the file does not
exist, we generate them. This means that it is easy to cause a regeneration.
be re-generated every so often, depending on security policy. What we do is to
keep these parameters in a file in the spool directory. If the file does not
exist, we generate them. This means that it is easy to cause a regeneration.
@@
-250,7
+250,7
@@
Returns: OK/DEFER/FAIL
*/
static int
*/
static int
-init_
rsa_
dh(host_item *host)
+init_dh(host_item *host)
{
int fd;
int ret;
{
int fd;
int ret;
@@
-269,10
+269,7
@@
if (!string_format(filename, sizeof(filename), "%s/gnutls-params",
return tls_error(US"overlong filename", host, 0);
/* Open the cache file for reading and if successful, read it and set up the
return tls_error(US"overlong filename", host, 0);
/* Open the cache file for reading and if successful, read it and set up the
-parameters. If we can't set up the RSA parameters, assume that we are dealing
-with an old-style cache file that is in another format, and fall through to
-compute new values. However, if we correctly get RSA parameters, a failure to
-set up D-H parameters is treated as an error. */
+parameters. */
fd = Uopen(filename, O_RDONLY, 0);
if (fd >= 0)
fd = Uopen(filename, O_RDONLY, 0);
if (fd >= 0)
@@
-294,7
+291,7
@@
if (fd >= 0)
ret = gnutls_dh_params_import_pkcs3(dh_params, &m, GNUTLS_X509_FMT_PEM);
if (ret < 0) return tls_error(US"DH params import", host, ret);
ret = gnutls_dh_params_import_pkcs3(dh_params, &m, GNUTLS_X509_FMT_PEM);
if (ret < 0) return tls_error(US"DH params import", host, ret);
- DEBUG(D_tls) debug_printf("read
RSA and
D-H parameters from file\n");
+ DEBUG(D_tls) debug_printf("read D-H parameters from file\n");
free(m.data);
}
free(m.data);
}
@@
-404,10
+401,10
@@
initialized = (host == NULL)? INITIALIZED_SERVER : INITIALIZED_CLIENT;
rc = gnutls_global_init();
if (rc < 0) return tls_error(US"tls-init", host, rc);
rc = gnutls_global_init();
if (rc < 0) return tls_error(US"tls-init", host, rc);
-/* Create
RSA and D-H parameters, or read them from the cache file. Thi
s
-
function does
its own SMTP error messaging. */
+/* Create
D-H parameters, or read them from the cache file. This function doe
s
+its own SMTP error messaging. */
-rc = init_
rsa_
dh(host);
+rc = init_dh(host);
if (rc != OK) return rc;
/* Create the credentials structure */
if (rc != OK) return rc;
/* Create the credentials structure */
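Review bot: The shortened comment in the -269,10 +269,7 hunk (`parameters. */`) no longer says what happens when the cache file opens but cannot be parsed, although the new-side code in the next hunk still returns through `tls_error(US"DH params import", host, ret)` on a failed import. I would keep one sentence of that contract, for example `parameters. A failure to import the D-H parameters is treated as an error; the file is not regenerated. */`, so an operator knows that a damaged `gnutls-params` file in the spool directory has to be deleted before new parameters are generated. That same early return sits before the `free(m.data)` line, so the buffer looks to be leaked on the error path; how `m.data` is allocated and whether `fd` is already closed are outside the hunk, so this needs checking against the full body of `init_dh`. The banner comment also still reads `Setup up DH parameters`, which could become `Set up D-H parameters` while it is being edited.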