diff --git a/libratbox/src/gnutls.c b/libratbox/src/gnutls.c index 2d1f413f..9f274b58 100644 --- a/libratbox/src/gnutls.c +++ b/libratbox/src/gnutls.c @@ -31,14 +31,15 @@ #include #include -#include -#if GNUTLS_VERSION_MAJOR < 3 +#if (GNUTLS_VERSION_MAJOR < 3) # include +#else +# include #endif -static gnutls_certificate_credentials x509; -static gnutls_dh_params dh_params; +static gnutls_certificate_credentials_t x509; +static gnutls_dh_params_t dh_params; static gnutls_priority_t default_priority; /* These are all used for getting GnuTLS to supply a client cert. */ @@ -162,7 +163,7 @@ rb_ssl_start_accepted(rb_fde_t *new_F, ACCB * cb, void *data, int timeout) gnutls_dh_set_prime_bits(*ssl, 1024); gnutls_transport_set_ptr(*ssl, (gnutls_transport_ptr_t) (long int)new_F->fd); gnutls_certificate_server_set_request(*ssl, GNUTLS_CERT_REQUEST); - gnutls_priority_set(SSL_P(F), default_priority); + gnutls_priority_set(*ssl, default_priority); if(do_ssl_handshake(new_F, rb_ssl_tryaccept, NULL)) { @@ -256,13 +257,13 @@ rb_ssl_write(rb_fde_t *F, const void *buf, size_t count) return rb_ssl_read_or_write(1, F, NULL, buf, count); } +#if (GNUTLS_VERSION_MAJOR < 3) static void rb_gcry_random_seed(void *unused) { -#if GNUTLS_VERSION_MAJOR < 3 gcry_fast_random_poll(); -#endif } +#endif int rb_init_ssl(void) @@ -281,7 +282,10 @@ rb_init_ssl(void) gnutls_certificate_set_retrieve_function(x509, cert_callback); #endif +#if (GNUTLS_VERSION_MAJOR < 3) rb_event_addish("rb_gcry_random_seed", rb_gcry_random_seed, NULL, 300); +#endif + return 1; } @@ -303,10 +307,16 @@ cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nr #endif { /* XXX - ugly hack. Tell GnuTLS to use the first (only) certificate we have for auth. */ +#if (GNUTLS_VERSION_MAJOR < 3) st->type = GNUTLS_CRT_X509; +#else + st->cert_type = GNUTLS_CRT_X509; + st->key_type = GNUTLS_PRIVKEY_X509; +#endif st->ncerts = x509_cert_count; st->cert.x509 = x509_cert; st->key.x509 = x509_key; + st->deinit_all = 0; return 0; } @@ -563,8 +573,6 @@ rb_init_prng(const char *path, prng_seed_t seed_type) { #if GNUTLS_VERSION_MAJOR < 3 gcry_fast_random_poll(); -#else - gnutls_rnd_refresh(); #endif return 1; }