ITS#5462 add randfile support for gcrypt 1.4
authorHoward Chu <hyc@openldap.org>
Mon, 26 Jan 2009 03:41:27 +0000 (03:41 +0000)
committerHoward Chu <hyc@openldap.org>
Mon, 26 Jan 2009 03:41:27 +0000 (03:41 +0000)
libraries/libldap/tls_g.c

index 1d2935f332141e5588b3ae23119d3a5b5d451607..4d2f60bc1d1dad8590a5e428ab53882546efa7ee 100644 (file)
 
 #if LIBGNUTLS_VERSION_NUMBER >= 0x020200
 #define        HAVE_CIPHERSUITES       1
+/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
+ * but that dependency isn't reflected in their configure script, resulting in
+ * build errors on older gcrypt. So, if they have a working build environment,
+ * assume gcrypt is new enough.
+ */
+#define HAVE_GCRYPT_RAND       1
 #else
 #undef HAVE_CIPHERSUITES
+#undef HAVE_GCRYPT_RAND
 #endif
 
 #ifndef HAVE_CIPHERSUITES
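Review bot: The comment above `#define HAVE_GCRYPT_RAND 1` says "gcrypt 1.4.x has support" without naming what is supported, and the macro is keyed on LIBGNUTLS_VERSION_NUMBER rather than on anything gcrypt itself reports. Naming the feature would make the assumption auditable, for example `/* gcrypt 1.4.x supports GCRYCTL_SET_RNDEGD_SOCKET, which tlsg_init() uses for the randfile option. */`. As far as this diff shows, the macro also decides whether the configured random source is handed to gcrypt at all, so the comment should add that with GnuTLS older than 0x020200 the randfile setting is not applied by this code.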
@@ -163,6 +170,17 @@ tlsg_thr_init( void )
 static int
 tlsg_init( void )
 {
+#ifdef HAVE_GCRYPT_RAND
+       struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
+       if ( lo->ldo_tls_randfile &&
+               gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
+               Debug( LDAP_DEBUG_ANY,
+               "TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
+               0, 0, 0);
+               return -1;
+       }
+#endif
+
        gnutls_global_init();
 
 #ifndef HAVE_CIPHERSUITES
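Review bot: The failure branch added to tlsg_init discards the value gcry_control() returns, so the log line cannot tell a bad socket path from a gcrypt build that does not support the request. Keep the code and print it, e.g. `gcry_error_t rc = gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile );` and then `"TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed: %s\n", gcry_strerror( rc ), 0, 0`. Because the branch returns -1 before gnutls_global_init(), a configured randfile that gcrypt rejects now stops TLS initialisation entirely; that fail-closed choice deserves a one-line comment so operators know why TLS is unavailable. The option value is passed to gcrypt as an EGD socket path rather than read as a file of random bytes, so a comment such as `/* ldo_tls_randfile is used as an EGD socket path here, not as a seed file */` would help anyone auditing entropy sources. The body of tlsg_init continues past the end of the hunk.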