From: Howard Chu
Date: Mon, 26 Jan 2009 03:41:27 +0000 (+0000)
Subject: ITS#5462 add randfile support for gcrypt 1.4
X-Git-Tag: ACLCHECK_0~952
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=f59ce2b9a131fb102b737cb1794d48b7ffa4a226;p=openldap

ITS#5462 add randfile support for gcrypt 1.4
---

diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index 1d2935f332..4d2f60bc1d 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -51,8 +51,15 @@
 #if LIBGNUTLS_VERSION_NUMBER >= 0x020200
 #define HAVE_CIPHERSUITES 1
+/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
+ * but that dependency isn't reflected in their configure script, resulting in
+ * build errors on older gcrypt. So, if they have a working build environment,
+ * assume gcrypt is new enough.
+ */
+#define HAVE_GCRYPT_RAND 1
 #else
 #undef HAVE_CIPHERSUITES
+#undef HAVE_GCRYPT_RAND
 #endif
 #ifndef HAVE_CIPHERSUITES
@@ -163,6 +170,17 @@ tlsg_thr_init( void )
 static int
 tlsg_init( void )
 {
+#ifdef HAVE_GCRYPT_RAND
+ struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
+ if ( lo->ldo_tls_randfile &&
+ gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
+ 0, 0, 0);
+ return -1;
+ }
+#endif
+
 gnutls_global_init();
 #ifndef HAVE_CIPHERSUITES
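Review bot: The comment added above `#define HAVE_GCRYPT_RAND 1` says "gcrypt 1.4.x has support" without naming what is supported, so the macro's purpose has to be worked out from its use in tlsg_init(). Naming the feature would help, e.g. `/* This is a kludge. gcrypt 1.4.x supports GCRYCTL_SET_RNDEGD_SOCKET. Recent GnuTLS requires gcrypt 1.4.x`. It would also be worth stating that the macro is keyed on LIBGNUTLS_VERSION_NUMBER, not on any gcrypt version check, so a later reader knows where to tighten it.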
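Review bot: In the block added at the top of tlsg_init(), the failure path discards the gcry_control() return code, and as far as I can tell a zero return only means the setting was stored, not that `lo->ldo_tls_randfile` names a reachable EGD socket. Keeping the result in a local `rc` and logging it would make failures diagnosable: `"TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed: %s\n", gcry_strerror( rc ), 0, 0);`. Because this path becomes an entropy source for TLS key material, a comment should say that under GnuTLS the randfile option is treated as an EGD socket path rather than a seed file, and that it should point to a location only trusted accounts can create. Presumably a wrong path only surfaces later inside gcrypt, which is worth confirming. The body of tlsg_init() continues past the end of the hunk.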