X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7199e1ee2c175060f708ff91ccaf992b5afdbaa9..e6060e2ce135caa2d48e682c4d76d071ff760a30:/src/src/tls-gnu.c diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 2a81c8b8a..0e90b7908 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/tls-gnu.c,v 1.20 2008/09/03 18:53:29 fanf2 Exp $ */ +/* $Cambridge: exim/src/src/tls-gnu.c,v 1.23 2009/10/16 09:51:12 nm4 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -792,6 +792,18 @@ if (verify_requirement != VERIFY_NONE) gnutls_db_set_cache_expiration(session, ssl_session_timeout); +/* Reduce security in favour of increased compatibility, if the admin +decides to make that trade-off. */ +if (gnutls_compat_mode) + { +#if LIBGNUTLS_VERSION_NUMBER >= 0x020104 + DEBUG(D_tls) debug_printf("lowering GnuTLS security, compatibility mode\n"); + gnutls_session_enable_compatibility_mode(session); +#else + DEBUG(D_tls) debug_printf("Unable to set gnutls_compat_mode - GnuTLS version too old\n"); +#endif + } + DEBUG(D_tls) debug_printf("initialized GnuTLS session\n"); return session; } @@ -1172,7 +1184,9 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) ssl_xfer_error = 1; return EOF; } - +#ifndef DISABLE_DKIM + dkim_exim_verify_feed(ssl_xfer_buffer, inbytes); +#endif ssl_xfer_buffer_hwm = inbytes; ssl_xfer_buffer_lwm = 0; } @@ -1296,4 +1310,24 @@ gnutls_global_deinit(); tls_active = -1; } + + + +/************************************************* +* Report the library versions. * +*************************************************/ + +/* See a description in tls-openssl.c for an explanation of why this exists. + +Arguments: a FILE* to print the results to +Returns: nothing +*/ + +void +tls_version_report(FILE *f) +{ +fprintf(f, "GnuTLS compile-time version: %s\n", LIBGNUTLS_VERSION); +fprintf(f, "GnuTLS runtime version: %s\n", gnutls_check_version(NULL)); +} + /* End of tls-gnu.c */