From f59ce2b9a131fb102b737cb1794d48b7ffa4a226 Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Mon, 26 Jan 2009 03:41:27 +0000
Subject: [PATCH] ITS#5462 add randfile support for gcrypt 1.4

---
 libraries/libldap/tls_g.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index 1d2935f332..4d2f60bc1d 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -51,8 +51,15 @@
 
 #if LIBGNUTLS_VERSION_NUMBER >= 0x020200
 #define HAVE_CIPHERSUITES 1
+/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
+ * but that dependency isn't reflected in their configure script, resulting in
+ * build errors on older gcrypt. So, if they have a working build environment,
+ * assume gcrypt is new enough.
+ */
+#define HAVE_GCRYPT_RAND 1
 #else
 #undef HAVE_CIPHERSUITES
+#undef HAVE_GCRYPT_RAND
 #endif
 
 #ifndef HAVE_CIPHERSUITES
@@ -163,6 +170,17 @@ tlsg_thr_init( void )
 static int
 tlsg_init( void )
 {
+#ifdef HAVE_GCRYPT_RAND
+ struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
+ if ( lo->ldo_tls_randfile &&
+ gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
+ 0, 0, 0);
+ return -1;
+ }
+#endif
+
 gnutls_global_init();
 
 #ifndef HAVE_CIPHERSUITES
-- 
2.39.5
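Review bot: The comment above `#define HAVE_GCRYPT_RAND 1` says "gcrypt 1.4.x has support" without naming what is supported, so a later reader cannot tell which call the macro guards. The macro is also keyed on LIBGNUTLS_VERSION_NUMBER, which describes the GnuTLS headers at build time and not the gcrypt library the process is linked against at run time. Name the feature in the comment, for example `/* gcrypt 1.4.x supports GCRYCTL_SET_RNDEGD_SOCKET, used in tlsg_init(). */`. If it fits with the existing gcrypt initialisation order, a run-time `gcry_check_version( "1.4.0" )` test before the control call would catch an older library instead of assuming it is new enough.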
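Review bot: The failure branch added to tlsg_init() discards the gcry_control() result, so the log cannot tell an unsupported control code from a bad socket path, and an operator sees TLS initialisation fail with no hint that the randfile setting caused it. Keep the error with `gcry_error_t rc = gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile );` and report it as `"TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed: %s\n", gcry_strerror( rc ), 0, 0`. The randfile option is handed to gcrypt as an EGD socket path, which presumably differs from a backend that reads it as a seed file, so a comment such as `/* randfile is used as an EGD socket path here, not a seed file */` would help; because this path selects the entropy source, it is worth confirming that it can only come from trusted configuration. Returning -1 when the source cannot be set is the right fail-closed choice. The body of tlsg_init continues past the end of the hunk.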