Hello,
there seems to be a small bug with possibly big consequences in
tls-gnu.c. Because of a wrong condition
gnutls_(rsa|dh)_params_generate2 is never invoked. I do not know the
implications of this, but I guess gnutls_(rsa|dh)_params_generate2 are
not used just for fun.
The bug is this one:
---------------------
int ret = -1;
[...]
ret = gnutls_dh_params_init(&dh_params);
if (ret < 0) return tls_error(US"init dh_params", host, ret);
[...]
fd = Uopen(filename, O_RDONLY, 0);
if (fd >= 0)
{
[Do stuff _if_ gnutls-params file exists]
}
/* If the file does not exist, fall through to compute new data and cache it.
If there was any other opening error, it is serious. */
else if (errno != ENOENT)
return tls_error(string_open_failed(errno, "%s for reading", filename),
host, 0);
/* If ret < 0, either the cache file does not exist, or the data it contains
is not useful. One particular case of this is when upgrading from an older
release of Exim in which the data was stored in a different format. We don't
try to be clever and support both formats; we just regenerate new data in this
case. */
if (ret < 0)
{
[statements supposed to take care of missing gnutls-params file]
---------------------
As you can see, ret is _not_ set to -1 if the gnutls-params file is
missing, so those statements are never hit.
Crude fix:
--------------------
--- src/tls-gnu.c.orig 2005-05-04 13:35:39.000000000 +0200
+++ src/tls-gnu.c 2005-06-26 13:49:51.080881440 +0200
@@ -281,6 +281,8 @@
set up D-H parameters is treated as an error. */
fd = Uopen(filename, O_RDONLY, 0);
+/* reinitialize ret, as it is used to detect whther the original file existed */
+ret=-1;
if (fd >= 0)
{
struct stat statbuf;
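Review bot: the reset is placed correctly (after Uopen, before the `if (fd >= 0)` test, so it cannot mask the earlier `gnutls_dh_params_init` error return), but the added comment line has a typo ("whther" should be "whether") and does not quite describe the variable's role: at this point `ret` no longer carries the init status, it is being reused as a "no usable cached data yet" flag that the file-parsing branch sets to 0 on success. Consider wording the comment that way, e.g. `/* ret now means "no usable cached parameters yet"; the parsing block below clears it */`, or giving the flag its own variable so the two meanings of `ret` are not mixed in one function.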
--------------------
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
http://downhill.aus.cc/
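The failure mode described in this report is a general one: a status variable that is reused as a "did we get usable data?" flag still holds the success value of an earlier call, so the fallback branch guarded by `if (ret < 0)` is dead code. The following is an added example, not Exim's or GnuTLS's code; it reduces the tls-gnu.c control flow to a small model with constructed stand-ins (`fake_params_init`, `fake_open`, `fake_load_cached`, the `cache_state` and `outcome` enums are all invented here) and lets you run the original flow and the patched flow side by side.

```c
/* Added example (not Exim's code): a reduced model of the tls-gnu.c control
 * flow showing why a status variable reused as a "cache file was usable"
 * flag must be reset before the open() branch. All names are constructed
 * stand-ins, not GnuTLS or Exim identifiers. */
#include <errno.h>
#include <stdio.h>

/* What the simulated cache file looks like to open(). */
enum cache_state { CACHE_MISSING, CACHE_PRESENT, CACHE_UNREADABLE };

/* Observable result of the setup routine. */
enum outcome { LOADED_FROM_CACHE, GENERATED_FRESH, SILENTLY_SKIPPED, FATAL_ERROR };

/* Stand-in for gnutls_dh_params_init(): 0 on success, like the real call. */
static int fake_params_init(void) { return 0; }

/* Stand-in for Uopen(): returns a descriptor, or -1 with errno set. */
static int fake_open(enum cache_state state)
{
    switch (state) {
    case CACHE_PRESENT: return 3;                 /* any valid descriptor */
    case CACHE_MISSING: errno = ENOENT; return -1;
    default:            errno = EACCES; return -1; /* some other open error */
    }
}

/* Stand-in for reading and validating the cached parameters: 0 if usable. */
static int fake_load_cached(int fd) { (void)fd; return 0; }

/* Mirrors the tls-gnu.c logic. With reset_ret == 0 it reproduces the bug:
 * ret still holds the 0 left by the init call, so a missing cache file falls
 * through the ENOENT branch and the regeneration block under "if (ret < 0)"
 * never runs. With reset_ret == 1 it applies the one-line fix from the patch. */
static enum outcome setup_params(enum cache_state state, int reset_ret)
{
    int ret = -1;
    int fd;

    ret = fake_params_init();
    if (ret < 0) return FATAL_ERROR;

    fd = fake_open(state);
    if (reset_ret) ret = -1;        /* the fix: ret now means "no usable cache yet" */

    if (fd >= 0) {
        ret = fake_load_cached(fd); /* 0 means the cached data was accepted */
    } else if (errno != ENOENT) {
        return FATAL_ERROR;         /* any open error other than "not there" is serious */
    }

    if (ret < 0)
        return GENERATED_FRESH;     /* compute new parameters and cache them */

    return fd >= 0 ? LOADED_FROM_CACHE : SILENTLY_SKIPPED;
}

int main(void)
{
    printf("missing cache, original flow: %s\n",
           setup_params(CACHE_MISSING, 0) == SILENTLY_SKIPPED
               ? "parameters never generated" : "unexpected");
    printf("missing cache, patched flow:  %s\n",
           setup_params(CACHE_MISSING, 1) == GENERATED_FRESH
               ? "parameters generated" : "unexpected");
    return 0;
}
```

Running the original flow with a missing cache file returns `SILENTLY_SKIPPED`: no error is reported, but no parameters are generated either, which is exactly the quiet failure the report describes. The patched flow returns `GENERATED_FRESH` for the same input while leaving the existing-file and unreadable-file paths unchanged.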